Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2020-1735 (GCVE-0-2020-1735)
Vulnerability from cvelistv5
Published
2020-03-16 15:05
Modified
2024-08-04 06:46
Severity ?
EPSS score ?
Summary
A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:46:30.837Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1735", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/ansible/ansible/issues/67793", }, { name: "FEDORA-2020-1b6ce91e37", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/", }, { name: "FEDORA-2020-3990f03ba3", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/", }, { name: "FEDORA-2020-f80154b5b4", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/", }, { name: "GLSA-202006-11", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202006-11", }, { name: "DSA-4950", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2021/dsa-4950", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "ansible", vendor: "Red Hat", versions: [ { status: "affected", version: "2.7.x, 2.8.x, 2.9.x", }, ], }, ], descriptions: [ { lang: "en", value: "A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.2, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-22", description: "CWE-22", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-08-07T14:06:21", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1735", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/ansible/ansible/issues/67793", }, { name: "FEDORA-2020-1b6ce91e37", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/", }, { name: "FEDORA-2020-3990f03ba3", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/", }, { name: "FEDORA-2020-f80154b5b4", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/", }, { name: "GLSA-202006-11", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202006-11", }, { name: "DSA-4950", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2021/dsa-4950", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2020-1735", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "ansible", version: { version_data: [ { version_value: "2.7.x, 2.8.x, 2.9.x", }, ], }, }, ], }, vendor_name: "Red Hat", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.", }, ], }, impact: { cvss: [ [ { vectorString: "4.2/CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, ], ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-22", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1735", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1735", }, { name: "https://github.com/ansible/ansible/issues/67793", refsource: "CONFIRM", url: "https://github.com/ansible/ansible/issues/67793", }, { name: "FEDORA-2020-1b6ce91e37", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/", }, { name: "FEDORA-2020-3990f03ba3", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/", }, { name: "FEDORA-2020-f80154b5b4", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/", }, { name: "GLSA-202006-11", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202006-11", }, { name: "DSA-4950", refsource: "DEBIAN", url: "https://www.debian.org/security/2021/dsa-4950", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2020-1735", datePublished: "2020-03-16T15:05:04", dateReserved: "2019-11-27T00:00:00", dateUpdated: "2024-08-04T06:46:30.837Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { fkie_nvd: { configurations: "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.7.17\", \"matchCriteriaId\": \"1AA398A0-5DCC-4202-BB11-B2871FB796B4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.8.0\", \"versionEndExcluding\": \"2.8.11\", \"matchCriteriaId\": \"84818035-3E65-464B-A84A-22DADA640D19\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.9.0\", \"versionEndExcluding\": \"2.9.7\", \"matchCriteriaId\": \"341AEE03-9334-416D-9896-A37697B43CCC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.3.4\", \"matchCriteriaId\": \"C3C5721F-050A-42A3-A71D-6C6BA23D58FE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.3.5\", \"versionEndIncluding\": \"3.4.5\", \"matchCriteriaId\": \"64DD1400-5512-493E-85DB-B3C18FBB2DBB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.5.0\", \"versionEndIncluding\": \"3.5.5\", \"matchCriteriaId\": \"F2062F74-68D8-4E75-BC69-6038B519F823\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.6.0\", \"versionEndIncluding\": \"3.6.3\", \"matchCriteriaId\": \"342D4A63-0972-413B-BD65-0495DBF1CDFB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:cloudforms_management_engine:5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7098B44F-56BF-42E3-8831-48D0A8E99EE2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"704CFA1A-953E-4105-BFBE-406034B83DED\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"97A4B8DF-58DA-4AB6-A1F9-331B36409BA3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"80F0FA5D-8D3B-4C0E-81E2-87998286AF33\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"36D96259-24BD-44E2-96D9-78CE1D41F956\"}]}]}]", descriptions: "[{\"lang\": \"en\", \"value\": \"A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.\"}, {\"lang\": \"es\", \"value\": \"Se detect\\u00f3 un fallo en el Ansible Engine cuando es usado el m\\u00f3dulo de b\\u00fasqueda. Un atacante podr\\u00eda interceptar el m\\u00f3dulo, inyectar una nueva ruta y luego elegir una nueva ruta destino en el nodo del controlador. Se cree que todas las versiones de las derivaciones 2.7.x, 2.8.x y 2.9.x son vulnerables.\"}]", id: "CVE-2020-1735", lastModified: "2024-11-21T05:11:16.333", metrics: "{\"cvssMetricV31\": [{\"source\": \"secalert@redhat.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 4.2, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.1, \"impactScore\": 2.7}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N\", \"baseScore\": 4.6, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.5, \"impactScore\": 2.7}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:P/I:P/A:N\", \"baseScore\": 3.6, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 3.9, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}", published: "2020-03-16T16:15:13.890", references: "[{\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1735\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Issue Tracking\", \"Vendor Advisory\"]}, {\"url\": \"https://github.com/ansible/ansible/issues/67793\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://security.gentoo.org/glsa/202006-11\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2021/dsa-4950\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1735\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Vendor Advisory\"]}, {\"url\": \"https://github.com/ansible/ansible/issues/67793\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.gentoo.org/glsa/202006-11\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2021/dsa-4950\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]", sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: "[{\"source\": \"secalert@redhat.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}]", }, nvd: "{\"cve\":{\"id\":\"CVE-2020-1735\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2020-03-16T16:15:13.890\",\"lastModified\":\"2024-11-21T05:11:16.333\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.\"},{\"lang\":\"es\",\"value\":\"Se detectó un fallo en el Ansible Engine cuando es usado el módulo de búsqueda. Un atacante podría interceptar el módulo, inyectar una nueva ruta y luego elegir una nueva ruta destino en el nodo del controlador. Se cree que todas las versiones de las derivaciones 2.7.x, 2.8.x y 2.9.x son vulnerables.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":4.2,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.1,\"impactScore\":2.7},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N\",\"baseScore\":4.6,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.5,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:P/A:N\",\"baseScore\":3.6,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.7.17\",\"matchCriteriaId\":\"1AA398A0-5DCC-4202-BB11-B2871FB796B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.8.0\",\"versionEndExcluding\":\"2.8.11\",\"matchCriteriaId\":\"84818035-3E65-464B-A84A-22DADA640D19\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.9.0\",\"versionEndExcluding\":\"2.9.7\",\"matchCriteriaId\":\"341AEE03-9334-416D-9896-A37697B43CCC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.3.4\",\"matchCriteriaId\":\"C3C5721F-050A-42A3-A71D-6C6BA23D58FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.3.5\",\"versionEndIncluding\":\"3.4.5\",\"matchCriteriaId\":\"64DD1400-5512-493E-85DB-B3C18FBB2DBB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.5.0\",\"versionEndIncluding\":\"3.5.5\",\"matchCriteriaId\":\"F2062F74-68D8-4E75-BC69-6038B519F823\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.6.0\",\"versionEndIncluding\":\"3.6.3\",\"matchCriteriaId\":\"342D4A63-0972-413B-BD65-0495DBF1CDFB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:cloudforms_management_engine:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7098B44F-56BF-42E3-8831-48D0A8E99EE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"704CFA1A-953E-4105-BFBE-406034B83DED\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97A4B8DF-58DA-4AB6-A1F9-331B36409BA3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80F0FA5D-8D3B-4C0E-81E2-87998286AF33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36D96259-24BD-44E2-96D9-78CE1D41F956\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1735\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/ansible/ansible/issues/67793\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://security.gentoo.org/glsa/202006-11\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2021/dsa-4950\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1735\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/ansible/ansible/issues/67793\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/202006-11\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2021/dsa-4950\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}", }, }
opensuse-su-2024:14244-1
Vulnerability from csaf_opensuse
Published
2024-08-08 00:00
Modified
2024-08-08 00:00
Summary
ansible-9-9.8.0-1.1 on GA media
Notes
Title of the patch
ansible-9-9.8.0-1.1 on GA media
Description of the patch
These are all security issues fixed in the ansible-9-9.8.0-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-14244
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "ansible-9-9.8.0-1.1 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the ansible-9-9.8.0-1.1 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2024-14244", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_14244-1.json", }, { category: "self", summary: "SUSE CVE CVE-2014-4966 page", url: "https://www.suse.com/security/cve/CVE-2014-4966/", }, { category: "self", summary: "SUSE CVE CVE-2014-4967 page", url: "https://www.suse.com/security/cve/CVE-2014-4967/", }, { category: "self", summary: "SUSE CVE CVE-2015-3908 page", url: "https://www.suse.com/security/cve/CVE-2015-3908/", }, { category: "self", summary: "SUSE CVE CVE-2016-3096 page", url: "https://www.suse.com/security/cve/CVE-2016-3096/", }, { category: "self", summary: "SUSE CVE CVE-2016-9587 page", url: "https://www.suse.com/security/cve/CVE-2016-9587/", }, { category: "self", summary: "SUSE CVE CVE-2017-7466 page", url: "https://www.suse.com/security/cve/CVE-2017-7466/", }, { category: "self", summary: "SUSE CVE CVE-2017-7481 page", url: "https://www.suse.com/security/cve/CVE-2017-7481/", }, { category: "self", summary: "SUSE CVE CVE-2017-7550 page", url: "https://www.suse.com/security/cve/CVE-2017-7550/", }, { category: "self", summary: "SUSE CVE CVE-2018-10855 page", url: "https://www.suse.com/security/cve/CVE-2018-10855/", }, { category: "self", summary: "SUSE CVE CVE-2018-10875 page", url: "https://www.suse.com/security/cve/CVE-2018-10875/", }, { category: "self", summary: "SUSE CVE CVE-2018-16837 page", url: "https://www.suse.com/security/cve/CVE-2018-16837/", }, { category: "self", summary: "SUSE CVE CVE-2018-16859 page", url: "https://www.suse.com/security/cve/CVE-2018-16859/", }, { category: "self", summary: "SUSE CVE CVE-2018-16876 page", url: "https://www.suse.com/security/cve/CVE-2018-16876/", }, { category: "self", summary: "SUSE CVE CVE-2019-10156 page", url: "https://www.suse.com/security/cve/CVE-2019-10156/", }, { category: "self", summary: "SUSE CVE CVE-2019-10206 page", url: "https://www.suse.com/security/cve/CVE-2019-10206/", }, { category: "self", summary: "SUSE CVE CVE-2019-10217 page", url: "https://www.suse.com/security/cve/CVE-2019-10217/", }, { category: "self", summary: "SUSE CVE CVE-2019-14846 page", url: "https://www.suse.com/security/cve/CVE-2019-14846/", }, { category: "self", summary: "SUSE CVE CVE-2019-14856 page", url: "https://www.suse.com/security/cve/CVE-2019-14856/", }, { category: "self", summary: "SUSE CVE CVE-2019-14858 page", url: "https://www.suse.com/security/cve/CVE-2019-14858/", }, { category: "self", summary: "SUSE CVE CVE-2019-14864 page", url: "https://www.suse.com/security/cve/CVE-2019-14864/", }, { category: "self", summary: "SUSE CVE CVE-2019-14904 page", url: "https://www.suse.com/security/cve/CVE-2019-14904/", }, { category: "self", summary: "SUSE CVE CVE-2019-14905 page", url: "https://www.suse.com/security/cve/CVE-2019-14905/", }, { category: "self", summary: "SUSE CVE CVE-2019-3828 page", url: "https://www.suse.com/security/cve/CVE-2019-3828/", }, { category: "self", summary: "SUSE CVE CVE-2020-10684 page", url: "https://www.suse.com/security/cve/CVE-2020-10684/", }, { category: "self", summary: "SUSE CVE CVE-2020-10685 page", url: "https://www.suse.com/security/cve/CVE-2020-10685/", }, { category: "self", summary: "SUSE CVE CVE-2020-10691 page", url: "https://www.suse.com/security/cve/CVE-2020-10691/", }, { category: "self", summary: "SUSE CVE CVE-2020-10729 page", url: "https://www.suse.com/security/cve/CVE-2020-10729/", }, { category: "self", summary: "SUSE CVE CVE-2020-14330 page", url: "https://www.suse.com/security/cve/CVE-2020-14330/", }, { category: "self", summary: "SUSE CVE CVE-2020-14332 page", url: "https://www.suse.com/security/cve/CVE-2020-14332/", }, { category: "self", summary: "SUSE CVE CVE-2020-1733 page", url: "https://www.suse.com/security/cve/CVE-2020-1733/", }, { category: "self", summary: "SUSE CVE CVE-2020-1734 page", url: "https://www.suse.com/security/cve/CVE-2020-1734/", }, { category: "self", summary: "SUSE CVE CVE-2020-1735 page", url: "https://www.suse.com/security/cve/CVE-2020-1735/", }, { category: "self", summary: "SUSE CVE CVE-2020-1736 page", url: "https://www.suse.com/security/cve/CVE-2020-1736/", }, { category: "self", summary: "SUSE CVE CVE-2020-1737 page", url: "https://www.suse.com/security/cve/CVE-2020-1737/", }, { category: "self", summary: "SUSE CVE CVE-2020-1738 page", url: "https://www.suse.com/security/cve/CVE-2020-1738/", }, { category: "self", summary: "SUSE CVE CVE-2020-1739 page", url: "https://www.suse.com/security/cve/CVE-2020-1739/", }, { category: "self", summary: "SUSE CVE CVE-2020-1740 page", url: "https://www.suse.com/security/cve/CVE-2020-1740/", }, { category: "self", summary: "SUSE CVE CVE-2020-1744 page", url: "https://www.suse.com/security/cve/CVE-2020-1744/", }, { category: "self", summary: "SUSE CVE CVE-2020-1746 page", url: "https://www.suse.com/security/cve/CVE-2020-1746/", }, { category: "self", summary: "SUSE CVE CVE-2020-1753 page", url: "https://www.suse.com/security/cve/CVE-2020-1753/", }, { category: "self", summary: "SUSE CVE CVE-2021-20178 page", url: "https://www.suse.com/security/cve/CVE-2021-20178/", }, { category: "self", summary: "SUSE CVE CVE-2021-20180 page", url: "https://www.suse.com/security/cve/CVE-2021-20180/", }, { category: "self", summary: "SUSE CVE CVE-2021-20191 page", url: "https://www.suse.com/security/cve/CVE-2021-20191/", }, { category: "self", summary: "SUSE CVE CVE-2021-20228 page", url: "https://www.suse.com/security/cve/CVE-2021-20228/", }, { category: "self", summary: "SUSE CVE CVE-2021-3583 page", url: "https://www.suse.com/security/cve/CVE-2021-3583/", }, ], title: "ansible-9-9.8.0-1.1 on GA media", tracking: { current_release_date: "2024-08-08T00:00:00Z", generator: { date: "2024-08-08T00:00:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2024:14244-1", initial_release_date: "2024-08-08T00:00:00Z", revision_history: [ { date: "2024-08-08T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "ansible-9-9.8.0-1.1.aarch64", product: { name: "ansible-9-9.8.0-1.1.aarch64", product_id: "ansible-9-9.8.0-1.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "ansible-9-9.8.0-1.1.ppc64le", product: { name: "ansible-9-9.8.0-1.1.ppc64le", product_id: "ansible-9-9.8.0-1.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "ansible-9-9.8.0-1.1.s390x", product: { name: "ansible-9-9.8.0-1.1.s390x", product_id: "ansible-9-9.8.0-1.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "ansible-9-9.8.0-1.1.x86_64", product: { name: "ansible-9-9.8.0-1.1.x86_64", product_id: "ansible-9-9.8.0-1.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ansible-9-9.8.0-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", }, product_reference: "ansible-9-9.8.0-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ansible-9-9.8.0-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", }, product_reference: "ansible-9-9.8.0-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ansible-9-9.8.0-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", }, product_reference: "ansible-9-9.8.0-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ansible-9-9.8.0-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", }, product_reference: "ansible-9-9.8.0-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2014-4966", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-4966", }, ], notes: [ { category: "general", text: "Ansible before 1.6.7 does not prevent inventory data with \"{{\" and \"lookup\" substrings, and does not prevent remote data with \"{{\" substrings, which allows remote attackers to execute arbitrary code via (1) crafted lookup('pipe') calls or (2) crafted Jinja2 data.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-4966", url: "https://www.suse.com/security/cve/CVE-2014-4966", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-08-08T00:00:00Z", details: "moderate", }, ], title: "CVE-2014-4966", }, { cve: "CVE-2014-4967", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-4967", }, ], notes: [ { category: "general", text: "Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow remote attackers to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as demonstrated by a fact with (1) a trailing \" src=\" clause, (2) a trailing \" temp=\" clause, or (3) a trailing \" validate=\" clause accompanied by a shell command.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-4967", url: "https://www.suse.com/security/cve/CVE-2014-4967", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-08-08T00:00:00Z", details: "moderate", }, ], title: "CVE-2014-4967", }, { cve: "CVE-2015-3908", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-3908", }, ], notes: [ { category: "general", text: "Ansible before 1.9.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-3908", url: "https://www.suse.com/security/cve/CVE-2015-3908", }, { category: "external", summary: "SUSE Bug 938161 for CVE-2015-3908", url: "https://bugzilla.suse.com/938161", }, { category: "external", summary: "SUSE Bug 938399 for CVE-2015-3908", url: "https://bugzilla.suse.com/938399", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-08-08T00:00:00Z", details: "important", }, ], title: "CVE-2015-3908", }, { cve: "CVE-2016-3096", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-3096", }, ], notes: [ { category: "general", text: "The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in the archive_path directory, or the (3) lxc-attach-script.log or (4) lxc-attach-script.err files in the temporary directory.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-3096", url: "https://www.suse.com/security/cve/CVE-2016-3096", }, { category: "external", summary: "SUSE Bug 973546 for CVE-2016-3096", url: "https://bugzilla.suse.com/973546", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-08-08T00:00:00Z", details: "important", }, ], title: "CVE-2016-3096", }, { cve: "CVE-2016-9587", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-9587", }, ], notes: [ { category: "general", text: "Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-9587", url: "https://www.suse.com/security/cve/CVE-2016-9587", }, { category: "external", summary: "SUSE Bug 1019021 for CVE-2016-9587", url: "https://bugzilla.suse.com/1019021", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-08-08T00:00:00Z", details: "important", }, ], title: "CVE-2016-9587", }, { cve: "CVE-2017-7466", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-7466", }, ], notes: [ { category: "general", text: "Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-7466", url: "https://www.suse.com/security/cve/CVE-2017-7466", }, { category: "external", summary: "SUSE Bug 1019021 for CVE-2017-7466", url: "https://bugzilla.suse.com/1019021", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-08-08T00:00:00Z", details: "important", }, ], title: "CVE-2017-7466", }, { cve: "CVE-2017-7481", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-7481", }, ], notes: [ { category: "general", text: "Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templating language is now marked as 'unsafe' and is not evaluated.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-7481", url: "https://www.suse.com/security/cve/CVE-2017-7481", }, { category: "external", summary: "SUSE Bug 1038785 for CVE-2017-7481", url: "https://bugzilla.suse.com/1038785", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-08-08T00:00:00Z", details: "moderate", }, ], title: "CVE-2017-7481", }, { cve: "CVE-2017-7550", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-7550", }, ], notes: [ { category: "general", text: "A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive information from a remote host's logs. This flaw was fixed by not allowing passwords to be specified in the \"params\" argument, and noting this in the module documentation.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-7550", url: "https://www.suse.com/security/cve/CVE-2017-7550", }, { category: "external", summary: "SUSE Bug 1035124 for CVE-2017-7550", url: "https://bugzilla.suse.com/1035124", }, { category: "external", summary: "SUSE Bug 1065872 for CVE-2017-7550", url: "https://bugzilla.suse.com/1065872", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-08-08T00:00:00Z", details: "important", }, ], title: "CVE-2017-7550", }, { cve: "CVE-2018-10855", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-10855", }, ], notes: [ { category: "general", text: "Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-10855", url: "https://www.suse.com/security/cve/CVE-2018-10855", }, { category: "external", summary: "SUSE Bug 1097775 for CVE-2018-10855", url: "https://bugzilla.suse.com/1097775", }, { category: "external", summary: "SUSE Bug 1099808 for CVE-2018-10855", url: "https://bugzilla.suse.com/1099808", }, { category: "external", summary: "SUSE Bug 1109957 for CVE-2018-10855", url: "https://bugzilla.suse.com/1109957", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-08-08T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-10855", }, { cve: "CVE-2018-10875", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-10875", }, ], notes: [ { category: "general", text: "A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-10875", url: "https://www.suse.com/security/cve/CVE-2018-10875", }, { category: "external", summary: "SUSE Bug 1099808 for CVE-2018-10875", url: "https://bugzilla.suse.com/1099808", }, { category: "external", summary: "SUSE Bug 1109957 for CVE-2018-10875", url: "https://bugzilla.suse.com/1109957", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-08-08T00:00:00Z", details: "important", }, ], title: "CVE-2018-10875", }, { cve: "CVE-2018-16837", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-16837", }, ], notes: [ { category: "general", text: "Ansible \"User\" module leaks any data which is passed on as a parameter to ssh-keygen. This could lean in undesirable situations such as passphrases credentials passed as a parameter for the ssh-keygen executable. Showing those credentials in clear text form for every user which have access just to the process list.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-16837", url: "https://www.suse.com/security/cve/CVE-2018-16837", }, { category: "external", summary: "SUSE Bug 1112959 for CVE-2018-16837", url: "https://bugzilla.suse.com/1112959", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-08-08T00:00:00Z", details: "important", }, ], title: "CVE-2018-16837", }, { cve: "CVE-2018-16859", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-16859", }, ], notes: [ { category: "general", text: "Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for 'become' passwords to appear in EventLogs in plaintext. A local user with administrator privileges on the machine can view these logs and discover the plaintext password. Ansible Engine 2.8 and older are believed to be vulnerable.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-16859", url: "https://www.suse.com/security/cve/CVE-2018-16859", }, { category: "external", summary: "SUSE Bug 1109957 for CVE-2018-16859", url: "https://bugzilla.suse.com/1109957", }, { category: "external", summary: "SUSE Bug 1116587 for CVE-2018-16859", url: "https://bugzilla.suse.com/1116587", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-08-08T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-16859", }, { cve: "CVE-2018-16876", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-16876", }, ], notes: [ { category: "general", text: "ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-16876", url: "https://www.suse.com/security/cve/CVE-2018-16876", }, { category: "external", summary: "SUSE Bug 1109957 for CVE-2018-16876", url: "https://bugzilla.suse.com/1109957", }, { category: "external", summary: "SUSE Bug 1118896 for CVE-2018-16876", url: "https://bugzilla.suse.com/1118896", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.1, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-08-08T00:00:00Z", details: "low", }, ], title: "CVE-2018-16876", }, { cve: "CVE-2019-10156", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-10156", }, ], notes: [ { category: "general", text: "A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be disclosed.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-10156", url: "https://www.suse.com/security/cve/CVE-2019-10156", }, { category: "external", summary: "SUSE Bug 1137528 for CVE-2019-10156", url: "https://bugzilla.suse.com/1137528", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-08-08T00:00:00Z", details: "moderate", }, ], title: "CVE-2019-10156", }, { cve: "CVE-2019-10206", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-10206", }, ], notes: [ { category: "general", text: "ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-10206", url: "https://www.suse.com/security/cve/CVE-2019-10206", }, { category: "external", summary: "SUSE Bug 1142690 for CVE-2019-10206", url: "https://bugzilla.suse.com/1142690", }, { category: "external", summary: "SUSE Bug 1154232 for CVE-2019-10206", url: "https://bugzilla.suse.com/1154232", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-08-08T00:00:00Z", details: "moderate", }, ], title: "CVE-2019-10206", }, { cve: "CVE-2019-10217", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-10217", }, ], notes: [ { category: "general", text: "A flaw was found in ansible 2.8.0 before 2.8.4. Fields managing sensitive data should be set as such by no_log feature. Some of these fields in GCP modules are not set properly. service_account_contents() which is common class for all gcp modules is not setting no_log to True. Any sensitive data managed by that function would be leak as an output when running ansible playbooks.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-10217", url: "https://www.suse.com/security/cve/CVE-2019-10217", }, { category: "external", summary: "SUSE Bug 1144453 for CVE-2019-10217", url: "https://bugzilla.suse.com/1144453", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-08-08T00:00:00Z", details: "moderate", }, ], title: "CVE-2019-10217", }, { cve: "CVE-2019-14846", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-14846", }, ], notes: [ { category: "general", text: "In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-14846", url: "https://www.suse.com/security/cve/CVE-2019-14846", }, { category: "external", summary: "SUSE Bug 1153452 for CVE-2019-14846", url: "https://bugzilla.suse.com/1153452", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 2.3, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-08-08T00:00:00Z", details: "low", }, ], title: "CVE-2019-14846", }, { cve: "CVE-2019-14856", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-14856", }, ], notes: [ { category: "general", text: "ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a None", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-14856", url: "https://www.suse.com/security/cve/CVE-2019-14856", }, { category: "external", summary: "SUSE Bug 1154232 for CVE-2019-14856", url: "https://bugzilla.suse.com/1154232", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 2.3, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-08-08T00:00:00Z", details: "low", }, ], title: "CVE-2019-14856", }, { cve: "CVE-2019-14858", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-14858", }, ], notes: [ { category: "general", text: "A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. When a module has an argument_spec with sub parameters marked as no_log, passing an invalid parameter name to the module will cause the task to fail before the no_log options in the sub parameters are processed. As a result, data in the sub parameter fields will not be masked and will be displayed if Ansible is run with increased verbosity and present in the module invocation arguments for the task.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-14858", url: "https://www.suse.com/security/cve/CVE-2019-14858", }, { category: "external", summary: "SUSE Bug 1154231 for CVE-2019-14858", url: "https://bugzilla.suse.com/1154231", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 2.3, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-08-08T00:00:00Z", details: "low", }, ], title: "CVE-2019-14858", }, { cve: "CVE-2019-14864", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-14864", }, ], notes: [ { category: "general", text: "Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. This would discloses and collects any sensitive data.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-14864", url: "https://www.suse.com/security/cve/CVE-2019-14864", }, { category: "external", summary: "SUSE Bug 1154830 for CVE-2019-14864", url: "https://bugzilla.suse.com/1154830", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-08-08T00:00:00Z", details: "moderate", }, ], title: "CVE-2019-14864", }, { cve: "CVE-2019-14904", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-14904", }, ], notes: [ { category: "general", text: "A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and executing arbitrary commands in the remote host. Ansible Engine 2.7.15, 2.8.7, and 2.9.2 as well as previous versions are affected.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-14904", url: "https://www.suse.com/security/cve/CVE-2019-14904", }, { category: "external", summary: "SUSE Bug 1157968 for CVE-2019-14904", url: "https://bugzilla.suse.com/1157968", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-08-08T00:00:00Z", details: "important", }, ], title: "CVE-2019-14904", }, { cve: "CVE-2019-14905", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-14905", }, ], notes: [ { category: "general", text: "A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS command injections. This could result in a loss of confidentiality of the system among other issues.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-14905", url: "https://www.suse.com/security/cve/CVE-2019-14905", }, { category: "external", summary: "SUSE Bug 1157969 for CVE-2019-14905", url: "https://bugzilla.suse.com/1157969", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-08-08T00:00:00Z", details: "important", }, ], title: "CVE-2019-14905", }, { cve: "CVE-2019-3828", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-3828", }, ], notes: [ { category: "general", text: "Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-3828", url: "https://www.suse.com/security/cve/CVE-2019-3828", }, { category: "external", summary: "SUSE Bug 1126503 for CVE-2019-3828", url: "https://bugzilla.suse.com/1126503", }, { category: "external", summary: "SUSE Bug 1164137 for CVE-2019-3828", url: "https://bugzilla.suse.com/1164137", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-08-08T00:00:00Z", details: "moderate", }, ], title: "CVE-2019-3828", }, { cve: "CVE-2020-10684", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-10684", }, ], notes: [ { category: "general", text: "A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansible_facts after the clean. An attacker could take advantage of this by altering the ansible_facts, such as ansible_hosts, users and any other key data which would lead into privilege escalation or code injection.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-10684", url: "https://www.suse.com/security/cve/CVE-2020-10684", }, { category: "external", summary: "SUSE Bug 1167532 for CVE-2020-10684", url: "https://bugzilla.suse.com/1167532", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-08-08T00:00:00Z", details: "important", }, ], title: "CVE-2020-10684", }, { cve: "CVE-2020-10685", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-10685", }, ], notes: [ { category: "general", text: "A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory is created in /tmp leaves the s ts unencrypted. On Operating Systems which /tmp is not a tmpfs but part of the root partition, the directory is only cleared on boot and the decryp emains when the host is switched off. The system will be vulnerable when the system is not running. So decrypted data must be cleared as soon as possible and the data which normally is encrypted ble.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-10685", url: "https://www.suse.com/security/cve/CVE-2020-10685", }, { category: "external", summary: "SUSE Bug 1167440 for CVE-2020-10685", url: "https://bugzilla.suse.com/1167440", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-08-08T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-10685", }, { cve: "CVE-2020-10691", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-10691", }, ], notes: [ { category: "general", text: "An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. An attacker could take advantage to overwrite any file within the system.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-10691", url: "https://www.suse.com/security/cve/CVE-2020-10691", }, { category: "external", summary: "SUSE Bug 1167873 for CVE-2020-10691", url: "https://bugzilla.suse.com/1167873", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-08-08T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-10691", }, { cve: "CVE-2020-10729", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-10729", }, ], notes: [ { category: "general", text: "A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the equal value as the template caching action for the same file since no re-evaluation happens. The highest threat from this vulnerability would be that all passwords are exposed at once for the file. This flaw affects Ansible Engine versions before 2.9.6.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-10729", url: "https://www.suse.com/security/cve/CVE-2020-10729", }, { category: "external", summary: "SUSE Bug 1171162 for CVE-2020-10729", url: "https://bugzilla.suse.com/1171162", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-08-08T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-10729", }, { cve: "CVE-2020-14330", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-14330", }, ], notes: [ { category: "general", text: "An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest threat from this vulnerability is to data confidentiality.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-14330", url: "https://www.suse.com/security/cve/CVE-2020-14330", }, { category: "external", summary: "SUSE Bug 1174145 for CVE-2020-14330", url: "https://bugzilla.suse.com/1174145", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-08-08T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-14330", }, { cve: "CVE-2020-14332", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-14332", }, ], notes: [ { category: "general", text: "A flaw was found in the Ansible Engine when using module_args. Tasks executed with check mode (--check-mode) do not properly neutralize sensitive data exposed in the event data. This flaw allows unauthorized users to read this data. The highest threat from this vulnerability is to confidentiality.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-14332", url: "https://www.suse.com/security/cve/CVE-2020-14332", }, { category: "external", summary: "SUSE Bug 1174302 for CVE-2020-14332", url: "https://bugzilla.suse.com/1174302", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-08-08T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-14332", }, { cve: "CVE-2020-1733", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-1733", }, ], notes: [ { category: "general", text: "A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with \"umask 77 && mkdir -p <dir>\"; this operation does not fail if the directory already exists and is owned by another user. An attacker could take advantage to gain control of the become user as the target directory can be retrieved by iterating '/proc/<pid>/cmdline'.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-1733", url: "https://www.suse.com/security/cve/CVE-2020-1733", }, { category: "external", summary: "SUSE Bug 1164140 for CVE-2020-1733", url: "https://bugzilla.suse.com/1164140", }, { category: "external", summary: "SUSE Bug 1171823 for CVE-2020-1733", url: "https://bugzilla.suse.com/1171823", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-08-08T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-1733", }, { cve: "CVE-2020-1734", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-1734", }, ], notes: [ { category: "general", text: "A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by overwriting the ansible facts.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-1734", url: "https://www.suse.com/security/cve/CVE-2020-1734", }, { category: "external", summary: "SUSE Bug 1164139 for CVE-2020-1734", url: "https://bugzilla.suse.com/1164139", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-08-08T00:00:00Z", details: "important", }, ], title: "CVE-2020-1734", }, { cve: "CVE-2020-1735", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-1735", }, ], notes: [ { category: "general", text: "A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-1735", url: "https://www.suse.com/security/cve/CVE-2020-1735", }, { category: "external", summary: "SUSE Bug 1164137 for CVE-2020-1735", url: "https://bugzilla.suse.com/1164137", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-08-08T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-1735", }, { cve: "CVE-2020-1736", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-1736", }, ], notes: [ { category: "general", text: "A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions before the move. This could lead to the disclosure of sensitive data. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-1736", url: "https://www.suse.com/security/cve/CVE-2020-1736", }, { category: "external", summary: "SUSE Bug 1164134 for CVE-2020-1736", url: "https://bugzilla.suse.com/1164134", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 2.2, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-08-08T00:00:00Z", details: "low", }, ], title: "CVE-2020-1736", }, { cve: "CVE-2020-1737", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-1737", }, ], notes: [ { category: "general", text: "A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal. This issue is fixed in 2.10.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-1737", url: "https://www.suse.com/security/cve/CVE-2020-1737", }, { category: "external", summary: "SUSE Bug 1164138 for CVE-2020-1737", url: "https://bugzilla.suse.com/1164138", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-08-08T00:00:00Z", details: "important", }, ], title: "CVE-2020-1737", }, { cve: "CVE-2020-1738", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-1738", }, ], notes: [ { category: "general", text: "A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-1738", url: "https://www.suse.com/security/cve/CVE-2020-1738", }, { category: "external", summary: "SUSE Bug 1164136 for CVE-2020-1738", url: "https://bugzilla.suse.com/1164136", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-08-08T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-1738", }, { cve: "CVE-2020-1739", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-1739", }, ], notes: [ { category: "general", text: "A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument \"password\" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-1739", url: "https://www.suse.com/security/cve/CVE-2020-1739", }, { category: "external", summary: "SUSE Bug 1164133 for CVE-2020-1739", url: "https://bugzilla.suse.com/1164133", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-08-08T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-1739", }, { cve: "CVE-2020-1740", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-1740", }, ], notes: [ { category: "general", text: "A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes \"ansible-vault edit\", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-1740", url: "https://www.suse.com/security/cve/CVE-2020-1740", }, { category: "external", summary: "SUSE Bug 1164135 for CVE-2020-1740", url: "https://bugzilla.suse.com/1164135", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.9, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-08-08T00:00:00Z", details: "low", }, ], title: "CVE-2020-1740", }, { cve: "CVE-2020-1744", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-1744", }, ], notes: [ { category: "general", text: "A flaw was found in keycloak before version 9.0.1. When configuring an Conditional OTP Authentication Flow as a post login flow of an IDP, the failure login events for OTP are not being sent to the brute force protection event queue. So BruteForceProtector does not handle this events.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-1744", url: "https://www.suse.com/security/cve/CVE-2020-1744", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-08-08T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-1744", }, { cve: "CVE-2020-1746", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-1746", }, ], notes: [ { category: "general", text: "A flaw was found in the Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when the ldap_attr and ldap_entry community modules are used. The issue discloses the LDAP bind password to stdout or a log file if a playbook task is written using the bind_pw in the parameters field. The highest threat from this vulnerability is data confidentiality.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-1746", url: "https://www.suse.com/security/cve/CVE-2020-1746", }, { category: "external", summary: "SUSE Bug 1165393 for CVE-2020-1746", url: "https://bugzilla.suse.com/1165393", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-08-08T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-1746", }, { cve: "CVE-2020-1753", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-1753", }, ], notes: [ { category: "general", text: "A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all Ansible 2.8.x versions prior to 2.8.11 and all Ansible 2.9.x versions prior to 2.9.7, when managing kubernetes using the k8s module. Sensitive parameters such as passwords and tokens are passed to kubectl from the command line, not using an environment variable or an input configuration file. This will disclose passwords and tokens from process list and no_log directive from debug module would not have any effect making these secrets being disclosed on stdout and log files.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-1753", url: "https://www.suse.com/security/cve/CVE-2020-1753", }, { category: "external", summary: "SUSE Bug 1166389 for CVE-2020-1753", url: "https://bugzilla.suse.com/1166389", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-08-08T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-1753", }, { cve: "CVE-2021-20178", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-20178", }, ], notes: [ { category: "general", text: "A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-20178", url: "https://www.suse.com/security/cve/CVE-2021-20178", }, { category: "external", summary: "SUSE Bug 1180816 for CVE-2021-20178", url: "https://bugzilla.suse.com/1180816", }, { category: "external", summary: "SUSE Bug 1186493 for CVE-2021-20178", url: "https://bugzilla.suse.com/1186493", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-08-08T00:00:00Z", details: "moderate", }, ], title: "CVE-2021-20178", }, { cve: "CVE-2021-20180", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-20180", }, ], notes: [ { category: "general", text: "A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-20180", url: "https://www.suse.com/security/cve/CVE-2021-20180", }, { category: "external", summary: "SUSE Bug 1180942 for CVE-2021-20180", url: "https://bugzilla.suse.com/1180942", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-08-08T00:00:00Z", details: "moderate", }, ], title: "CVE-2021-20180", }, { cve: "CVE-2021-20191", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-20191", }, ], notes: [ { category: "general", text: "A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-20191", url: "https://www.suse.com/security/cve/CVE-2021-20191", }, { category: "external", summary: "SUSE Bug 1181119 for CVE-2021-20191", url: "https://bugzilla.suse.com/1181119", }, { category: "external", summary: "SUSE Bug 1181935 for CVE-2021-20191", url: "https://bugzilla.suse.com/1181935", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-08-08T00:00:00Z", details: "moderate", }, ], title: "CVE-2021-20191", }, { cve: "CVE-2021-20228", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-20228", }, ], notes: [ { category: "general", text: "A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-20228", url: "https://www.suse.com/security/cve/CVE-2021-20228", }, { category: "external", summary: "SUSE Bug 1181935 for CVE-2021-20228", url: "https://bugzilla.suse.com/1181935", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-08-08T00:00:00Z", details: "moderate", }, ], title: "CVE-2021-20228", }, { cve: "CVE-2021-3583", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-3583", }, ], notes: [ { category: "general", text: "A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters. This flaw allows attackers to perform command injection, which discloses sensitive information. The highest threat from this vulnerability is to confidentiality and integrity.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-3583", url: "https://www.suse.com/security/cve/CVE-2021-3583", }, { category: "external", summary: "SUSE Bug 1188061 for CVE-2021-3583", url: "https://bugzilla.suse.com/1188061", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x", "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-08-08T00:00:00Z", details: "moderate", }, ], title: "CVE-2021-3583", }, ], }
opensuse-su-2024:10615-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
ansible-2.9.24-1.2 on GA media
Notes
Title of the patch
ansible-2.9.24-1.2 on GA media
Description of the patch
These are all security issues fixed in the ansible-2.9.24-1.2 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-10615
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "ansible-2.9.24-1.2 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the ansible-2.9.24-1.2 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2024-10615", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10615-1.json", }, { category: "self", summary: "SUSE CVE CVE-2016-9587 page", url: "https://www.suse.com/security/cve/CVE-2016-9587/", }, { category: "self", summary: "SUSE CVE CVE-2017-7466 page", url: "https://www.suse.com/security/cve/CVE-2017-7466/", }, { category: "self", summary: "SUSE CVE CVE-2017-7481 page", url: "https://www.suse.com/security/cve/CVE-2017-7481/", }, { category: "self", summary: "SUSE CVE CVE-2017-7550 page", url: "https://www.suse.com/security/cve/CVE-2017-7550/", }, { category: "self", summary: "SUSE CVE CVE-2018-10855 page", url: "https://www.suse.com/security/cve/CVE-2018-10855/", }, { category: "self", summary: "SUSE CVE CVE-2018-10875 page", url: "https://www.suse.com/security/cve/CVE-2018-10875/", }, { category: "self", summary: "SUSE CVE CVE-2018-16837 page", url: "https://www.suse.com/security/cve/CVE-2018-16837/", }, { category: "self", summary: "SUSE CVE CVE-2018-16859 page", url: "https://www.suse.com/security/cve/CVE-2018-16859/", }, { category: "self", summary: "SUSE CVE CVE-2018-16876 page", url: "https://www.suse.com/security/cve/CVE-2018-16876/", }, { category: "self", summary: "SUSE CVE CVE-2019-10156 page", url: "https://www.suse.com/security/cve/CVE-2019-10156/", }, { category: "self", summary: "SUSE CVE CVE-2019-10206 page", url: "https://www.suse.com/security/cve/CVE-2019-10206/", }, { category: "self", summary: "SUSE CVE CVE-2019-10217 page", url: "https://www.suse.com/security/cve/CVE-2019-10217/", }, { category: "self", summary: "SUSE CVE CVE-2019-14846 page", url: "https://www.suse.com/security/cve/CVE-2019-14846/", }, { category: "self", summary: "SUSE CVE CVE-2019-14856 page", url: "https://www.suse.com/security/cve/CVE-2019-14856/", }, { category: "self", summary: "SUSE CVE CVE-2019-14858 page", url: "https://www.suse.com/security/cve/CVE-2019-14858/", }, { category: "self", summary: "SUSE CVE CVE-2019-14864 page", url: "https://www.suse.com/security/cve/CVE-2019-14864/", }, { category: "self", summary: "SUSE CVE CVE-2019-14904 page", url: "https://www.suse.com/security/cve/CVE-2019-14904/", }, { category: "self", summary: "SUSE CVE CVE-2019-14905 page", url: "https://www.suse.com/security/cve/CVE-2019-14905/", }, { category: "self", summary: "SUSE CVE CVE-2019-3828 page", url: "https://www.suse.com/security/cve/CVE-2019-3828/", }, { category: "self", summary: "SUSE CVE CVE-2020-10684 page", url: "https://www.suse.com/security/cve/CVE-2020-10684/", }, { category: "self", summary: "SUSE CVE CVE-2020-10685 page", url: "https://www.suse.com/security/cve/CVE-2020-10685/", }, { category: "self", summary: "SUSE CVE CVE-2020-10691 page", url: "https://www.suse.com/security/cve/CVE-2020-10691/", }, { category: "self", summary: "SUSE CVE CVE-2020-10729 page", url: "https://www.suse.com/security/cve/CVE-2020-10729/", }, { category: "self", summary: "SUSE CVE CVE-2020-14330 page", url: "https://www.suse.com/security/cve/CVE-2020-14330/", }, { category: "self", summary: "SUSE CVE CVE-2020-14332 page", url: "https://www.suse.com/security/cve/CVE-2020-14332/", }, { category: "self", summary: "SUSE CVE CVE-2020-1733 page", url: "https://www.suse.com/security/cve/CVE-2020-1733/", }, { category: "self", summary: "SUSE CVE CVE-2020-1734 page", url: "https://www.suse.com/security/cve/CVE-2020-1734/", }, { category: "self", summary: "SUSE CVE CVE-2020-1735 page", url: "https://www.suse.com/security/cve/CVE-2020-1735/", }, { category: "self", summary: "SUSE CVE CVE-2020-1736 page", url: "https://www.suse.com/security/cve/CVE-2020-1736/", }, { category: "self", summary: "SUSE CVE CVE-2020-1737 page", url: "https://www.suse.com/security/cve/CVE-2020-1737/", }, { category: "self", summary: "SUSE CVE CVE-2020-1738 page", url: "https://www.suse.com/security/cve/CVE-2020-1738/", }, { category: "self", summary: "SUSE CVE CVE-2020-1739 page", url: "https://www.suse.com/security/cve/CVE-2020-1739/", }, { category: "self", summary: "SUSE CVE CVE-2020-1740 page", url: "https://www.suse.com/security/cve/CVE-2020-1740/", }, { category: "self", summary: "SUSE CVE CVE-2020-1744 page", url: "https://www.suse.com/security/cve/CVE-2020-1744/", }, { category: "self", summary: "SUSE CVE CVE-2020-1746 page", url: "https://www.suse.com/security/cve/CVE-2020-1746/", }, { category: "self", summary: "SUSE CVE CVE-2020-1753 page", url: "https://www.suse.com/security/cve/CVE-2020-1753/", }, { category: "self", summary: "SUSE CVE CVE-2021-20178 page", url: "https://www.suse.com/security/cve/CVE-2021-20178/", }, { category: "self", summary: "SUSE CVE CVE-2021-20180 page", url: "https://www.suse.com/security/cve/CVE-2021-20180/", }, { category: "self", summary: "SUSE CVE CVE-2021-20191 page", url: "https://www.suse.com/security/cve/CVE-2021-20191/", }, { category: "self", summary: "SUSE CVE CVE-2021-20228 page", url: "https://www.suse.com/security/cve/CVE-2021-20228/", }, { category: "self", summary: "SUSE CVE CVE-2021-3583 page", url: "https://www.suse.com/security/cve/CVE-2021-3583/", }, ], title: "ansible-2.9.24-1.2 on GA media", tracking: { current_release_date: "2024-06-15T00:00:00Z", generator: { date: "2024-06-15T00:00:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2024:10615-1", initial_release_date: "2024-06-15T00:00:00Z", revision_history: [ { date: "2024-06-15T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "ansible-2.9.24-1.2.aarch64", product: { name: "ansible-2.9.24-1.2.aarch64", product_id: "ansible-2.9.24-1.2.aarch64", }, }, { category: "product_version", name: "ansible-doc-2.9.24-1.2.aarch64", product: { name: "ansible-doc-2.9.24-1.2.aarch64", product_id: "ansible-doc-2.9.24-1.2.aarch64", }, }, { category: "product_version", name: "ansible-test-2.9.24-1.2.aarch64", product: { name: "ansible-test-2.9.24-1.2.aarch64", product_id: "ansible-test-2.9.24-1.2.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "ansible-2.9.24-1.2.ppc64le", product: { name: "ansible-2.9.24-1.2.ppc64le", product_id: "ansible-2.9.24-1.2.ppc64le", }, }, { category: "product_version", name: "ansible-doc-2.9.24-1.2.ppc64le", product: { name: "ansible-doc-2.9.24-1.2.ppc64le", product_id: "ansible-doc-2.9.24-1.2.ppc64le", }, }, { category: "product_version", name: "ansible-test-2.9.24-1.2.ppc64le", product: { name: "ansible-test-2.9.24-1.2.ppc64le", product_id: "ansible-test-2.9.24-1.2.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "ansible-2.9.24-1.2.s390x", product: { name: "ansible-2.9.24-1.2.s390x", product_id: "ansible-2.9.24-1.2.s390x", }, }, { category: "product_version", name: "ansible-doc-2.9.24-1.2.s390x", product: { name: "ansible-doc-2.9.24-1.2.s390x", product_id: "ansible-doc-2.9.24-1.2.s390x", }, }, { category: "product_version", name: "ansible-test-2.9.24-1.2.s390x", product: { name: "ansible-test-2.9.24-1.2.s390x", product_id: "ansible-test-2.9.24-1.2.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "ansible-2.9.24-1.2.x86_64", product: { name: "ansible-2.9.24-1.2.x86_64", product_id: "ansible-2.9.24-1.2.x86_64", }, }, { category: "product_version", name: "ansible-doc-2.9.24-1.2.x86_64", product: { name: "ansible-doc-2.9.24-1.2.x86_64", product_id: "ansible-doc-2.9.24-1.2.x86_64", }, }, { category: "product_version", name: "ansible-test-2.9.24-1.2.x86_64", product: { name: "ansible-test-2.9.24-1.2.x86_64", product_id: "ansible-test-2.9.24-1.2.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ansible-2.9.24-1.2.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", }, product_reference: "ansible-2.9.24-1.2.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ansible-2.9.24-1.2.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", }, product_reference: "ansible-2.9.24-1.2.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ansible-2.9.24-1.2.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", }, product_reference: "ansible-2.9.24-1.2.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ansible-2.9.24-1.2.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", }, product_reference: "ansible-2.9.24-1.2.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ansible-doc-2.9.24-1.2.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", }, product_reference: "ansible-doc-2.9.24-1.2.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ansible-doc-2.9.24-1.2.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", }, product_reference: "ansible-doc-2.9.24-1.2.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ansible-doc-2.9.24-1.2.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", }, product_reference: "ansible-doc-2.9.24-1.2.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ansible-doc-2.9.24-1.2.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", }, product_reference: "ansible-doc-2.9.24-1.2.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ansible-test-2.9.24-1.2.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", }, product_reference: "ansible-test-2.9.24-1.2.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ansible-test-2.9.24-1.2.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", }, product_reference: "ansible-test-2.9.24-1.2.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ansible-test-2.9.24-1.2.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", }, product_reference: "ansible-test-2.9.24-1.2.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ansible-test-2.9.24-1.2.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", }, product_reference: "ansible-test-2.9.24-1.2.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2016-9587", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-9587", }, ], notes: [ { category: "general", text: "Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-9587", url: "https://www.suse.com/security/cve/CVE-2016-9587", }, { category: "external", summary: "SUSE Bug 1019021 for CVE-2016-9587", url: "https://bugzilla.suse.com/1019021", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2016-9587", }, { cve: "CVE-2017-7466", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-7466", }, ], notes: [ { category: "general", text: "Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-7466", url: "https://www.suse.com/security/cve/CVE-2017-7466", }, { category: "external", summary: "SUSE Bug 1019021 for CVE-2017-7466", url: "https://bugzilla.suse.com/1019021", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2017-7466", }, { cve: "CVE-2017-7481", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-7481", }, ], notes: [ { category: "general", text: "Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templating language is now marked as 'unsafe' and is not evaluated.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-7481", url: "https://www.suse.com/security/cve/CVE-2017-7481", }, { category: "external", summary: "SUSE Bug 1038785 for CVE-2017-7481", url: "https://bugzilla.suse.com/1038785", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2017-7481", }, { cve: "CVE-2017-7550", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-7550", }, ], notes: [ { category: "general", text: "A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive information from a remote host's logs. This flaw was fixed by not allowing passwords to be specified in the \"params\" argument, and noting this in the module documentation.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-7550", url: "https://www.suse.com/security/cve/CVE-2017-7550", }, { category: "external", summary: "SUSE Bug 1035124 for CVE-2017-7550", url: "https://bugzilla.suse.com/1035124", }, { category: "external", summary: "SUSE Bug 1065872 for CVE-2017-7550", url: "https://bugzilla.suse.com/1065872", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2017-7550", }, { cve: "CVE-2018-10855", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-10855", }, ], notes: [ { category: "general", text: "Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-10855", url: "https://www.suse.com/security/cve/CVE-2018-10855", }, { category: "external", summary: "SUSE Bug 1097775 for CVE-2018-10855", url: "https://bugzilla.suse.com/1097775", }, { category: "external", summary: "SUSE Bug 1099808 for CVE-2018-10855", url: "https://bugzilla.suse.com/1099808", }, { category: "external", summary: "SUSE Bug 1109957 for CVE-2018-10855", url: "https://bugzilla.suse.com/1109957", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-10855", }, { cve: "CVE-2018-10875", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-10875", }, ], notes: [ { category: "general", text: "A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-10875", url: "https://www.suse.com/security/cve/CVE-2018-10875", }, { category: "external", summary: "SUSE Bug 1099808 for CVE-2018-10875", url: "https://bugzilla.suse.com/1099808", }, { category: "external", summary: "SUSE Bug 1109957 for CVE-2018-10875", url: "https://bugzilla.suse.com/1109957", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2018-10875", }, { cve: "CVE-2018-16837", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-16837", }, ], notes: [ { category: "general", text: "Ansible \"User\" module leaks any data which is passed on as a parameter to ssh-keygen. This could lean in undesirable situations such as passphrases credentials passed as a parameter for the ssh-keygen executable. Showing those credentials in clear text form for every user which have access just to the process list.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-16837", url: "https://www.suse.com/security/cve/CVE-2018-16837", }, { category: "external", summary: "SUSE Bug 1112959 for CVE-2018-16837", url: "https://bugzilla.suse.com/1112959", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2018-16837", }, { cve: "CVE-2018-16859", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-16859", }, ], notes: [ { category: "general", text: "Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for 'become' passwords to appear in EventLogs in plaintext. A local user with administrator privileges on the machine can view these logs and discover the plaintext password. Ansible Engine 2.8 and older are believed to be vulnerable.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-16859", url: "https://www.suse.com/security/cve/CVE-2018-16859", }, { category: "external", summary: "SUSE Bug 1109957 for CVE-2018-16859", url: "https://bugzilla.suse.com/1109957", }, { category: "external", summary: "SUSE Bug 1116587 for CVE-2018-16859", url: "https://bugzilla.suse.com/1116587", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-16859", }, { cve: "CVE-2018-16876", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-16876", }, ], notes: [ { category: "general", text: "ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-16876", url: "https://www.suse.com/security/cve/CVE-2018-16876", }, { category: "external", summary: "SUSE Bug 1109957 for CVE-2018-16876", url: "https://bugzilla.suse.com/1109957", }, { category: "external", summary: "SUSE Bug 1118896 for CVE-2018-16876", url: "https://bugzilla.suse.com/1118896", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.1, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2018-16876", }, { cve: "CVE-2019-10156", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-10156", }, ], notes: [ { category: "general", text: "A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be disclosed.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-10156", url: "https://www.suse.com/security/cve/CVE-2019-10156", }, { category: "external", summary: "SUSE Bug 1137528 for CVE-2019-10156", url: "https://bugzilla.suse.com/1137528", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2019-10156", }, { cve: "CVE-2019-10206", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-10206", }, ], notes: [ { category: "general", text: "ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-10206", url: "https://www.suse.com/security/cve/CVE-2019-10206", }, { category: "external", summary: "SUSE Bug 1142690 for CVE-2019-10206", url: "https://bugzilla.suse.com/1142690", }, { category: "external", summary: "SUSE Bug 1154232 for CVE-2019-10206", url: "https://bugzilla.suse.com/1154232", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2019-10206", }, { cve: "CVE-2019-10217", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-10217", }, ], notes: [ { category: "general", text: "A flaw was found in ansible 2.8.0 before 2.8.4. Fields managing sensitive data should be set as such by no_log feature. Some of these fields in GCP modules are not set properly. service_account_contents() which is common class for all gcp modules is not setting no_log to True. Any sensitive data managed by that function would be leak as an output when running ansible playbooks.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-10217", url: "https://www.suse.com/security/cve/CVE-2019-10217", }, { category: "external", summary: "SUSE Bug 1144453 for CVE-2019-10217", url: "https://bugzilla.suse.com/1144453", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2019-10217", }, { cve: "CVE-2019-14846", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-14846", }, ], notes: [ { category: "general", text: "In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-14846", url: "https://www.suse.com/security/cve/CVE-2019-14846", }, { category: "external", summary: "SUSE Bug 1153452 for CVE-2019-14846", url: "https://bugzilla.suse.com/1153452", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 2.3, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2019-14846", }, { cve: "CVE-2019-14856", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-14856", }, ], notes: [ { category: "general", text: "ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a None", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-14856", url: "https://www.suse.com/security/cve/CVE-2019-14856", }, { category: "external", summary: "SUSE Bug 1154232 for CVE-2019-14856", url: "https://bugzilla.suse.com/1154232", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 2.3, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2019-14856", }, { cve: "CVE-2019-14858", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-14858", }, ], notes: [ { category: "general", text: "A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. When a module has an argument_spec with sub parameters marked as no_log, passing an invalid parameter name to the module will cause the task to fail before the no_log options in the sub parameters are processed. As a result, data in the sub parameter fields will not be masked and will be displayed if Ansible is run with increased verbosity and present in the module invocation arguments for the task.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-14858", url: "https://www.suse.com/security/cve/CVE-2019-14858", }, { category: "external", summary: "SUSE Bug 1154231 for CVE-2019-14858", url: "https://bugzilla.suse.com/1154231", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 2.3, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2019-14858", }, { cve: "CVE-2019-14864", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-14864", }, ], notes: [ { category: "general", text: "Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. This would discloses and collects any sensitive data.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-14864", url: "https://www.suse.com/security/cve/CVE-2019-14864", }, { category: "external", summary: "SUSE Bug 1154830 for CVE-2019-14864", url: "https://bugzilla.suse.com/1154830", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2019-14864", }, { cve: "CVE-2019-14904", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-14904", }, ], notes: [ { category: "general", text: "A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and executing arbitrary commands in the remote host. Ansible Engine 2.7.15, 2.8.7, and 2.9.2 as well as previous versions are affected.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-14904", url: "https://www.suse.com/security/cve/CVE-2019-14904", }, { category: "external", summary: "SUSE Bug 1157968 for CVE-2019-14904", url: "https://bugzilla.suse.com/1157968", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2019-14904", }, { cve: "CVE-2019-14905", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-14905", }, ], notes: [ { category: "general", text: "A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS command injections. This could result in a loss of confidentiality of the system among other issues.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-14905", url: "https://www.suse.com/security/cve/CVE-2019-14905", }, { category: "external", summary: "SUSE Bug 1157969 for CVE-2019-14905", url: "https://bugzilla.suse.com/1157969", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2019-14905", }, { cve: "CVE-2019-3828", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-3828", }, ], notes: [ { category: "general", text: "Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-3828", url: "https://www.suse.com/security/cve/CVE-2019-3828", }, { category: "external", summary: "SUSE Bug 1126503 for CVE-2019-3828", url: "https://bugzilla.suse.com/1126503", }, { category: "external", summary: "SUSE Bug 1164137 for CVE-2019-3828", url: "https://bugzilla.suse.com/1164137", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2019-3828", }, { cve: "CVE-2020-10684", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-10684", }, ], notes: [ { category: "general", text: "A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansible_facts after the clean. An attacker could take advantage of this by altering the ansible_facts, such as ansible_hosts, users and any other key data which would lead into privilege escalation or code injection.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-10684", url: "https://www.suse.com/security/cve/CVE-2020-10684", }, { category: "external", summary: "SUSE Bug 1167532 for CVE-2020-10684", url: "https://bugzilla.suse.com/1167532", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2020-10684", }, { cve: "CVE-2020-10685", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-10685", }, ], notes: [ { category: "general", text: "A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory is created in /tmp leaves the s ts unencrypted. On Operating Systems which /tmp is not a tmpfs but part of the root partition, the directory is only cleared on boot and the decryp emains when the host is switched off. The system will be vulnerable when the system is not running. So decrypted data must be cleared as soon as possible and the data which normally is encrypted ble.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-10685", url: "https://www.suse.com/security/cve/CVE-2020-10685", }, { category: "external", summary: "SUSE Bug 1167440 for CVE-2020-10685", url: "https://bugzilla.suse.com/1167440", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-10685", }, { cve: "CVE-2020-10691", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-10691", }, ], notes: [ { category: "general", text: "An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. An attacker could take advantage to overwrite any file within the system.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-10691", url: "https://www.suse.com/security/cve/CVE-2020-10691", }, { category: "external", summary: "SUSE Bug 1167873 for CVE-2020-10691", url: "https://bugzilla.suse.com/1167873", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-10691", }, { cve: "CVE-2020-10729", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-10729", }, ], notes: [ { category: "general", text: "A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the equal value as the template caching action for the same file since no re-evaluation happens. The highest threat from this vulnerability would be that all passwords are exposed at once for the file. This flaw affects Ansible Engine versions before 2.9.6.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-10729", url: "https://www.suse.com/security/cve/CVE-2020-10729", }, { category: "external", summary: "SUSE Bug 1171162 for CVE-2020-10729", url: "https://bugzilla.suse.com/1171162", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-10729", }, { cve: "CVE-2020-14330", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-14330", }, ], notes: [ { category: "general", text: "An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest threat from this vulnerability is to data confidentiality.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-14330", url: "https://www.suse.com/security/cve/CVE-2020-14330", }, { category: "external", summary: "SUSE Bug 1174145 for CVE-2020-14330", url: "https://bugzilla.suse.com/1174145", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-14330", }, { cve: "CVE-2020-14332", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-14332", }, ], notes: [ { category: "general", text: "A flaw was found in the Ansible Engine when using module_args. Tasks executed with check mode (--check-mode) do not properly neutralize sensitive data exposed in the event data. This flaw allows unauthorized users to read this data. The highest threat from this vulnerability is to confidentiality.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-14332", url: "https://www.suse.com/security/cve/CVE-2020-14332", }, { category: "external", summary: "SUSE Bug 1174302 for CVE-2020-14332", url: "https://bugzilla.suse.com/1174302", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-14332", }, { cve: "CVE-2020-1733", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-1733", }, ], notes: [ { category: "general", text: "A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with \"umask 77 && mkdir -p <dir>\"; this operation does not fail if the directory already exists and is owned by another user. An attacker could take advantage to gain control of the become user as the target directory can be retrieved by iterating '/proc/<pid>/cmdline'.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-1733", url: "https://www.suse.com/security/cve/CVE-2020-1733", }, { category: "external", summary: "SUSE Bug 1164140 for CVE-2020-1733", url: "https://bugzilla.suse.com/1164140", }, { category: "external", summary: "SUSE Bug 1171823 for CVE-2020-1733", url: "https://bugzilla.suse.com/1171823", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-1733", }, { cve: "CVE-2020-1734", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-1734", }, ], notes: [ { category: "general", text: "A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by overwriting the ansible facts.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-1734", url: "https://www.suse.com/security/cve/CVE-2020-1734", }, { category: "external", summary: "SUSE Bug 1164139 for CVE-2020-1734", url: "https://bugzilla.suse.com/1164139", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2020-1734", }, { cve: "CVE-2020-1735", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-1735", }, ], notes: [ { category: "general", text: "A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-1735", url: "https://www.suse.com/security/cve/CVE-2020-1735", }, { category: "external", summary: "SUSE Bug 1164137 for CVE-2020-1735", url: "https://bugzilla.suse.com/1164137", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-1735", }, { cve: "CVE-2020-1736", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-1736", }, ], notes: [ { category: "general", text: "A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions before the move. This could lead to the disclosure of sensitive data. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-1736", url: "https://www.suse.com/security/cve/CVE-2020-1736", }, { category: "external", summary: "SUSE Bug 1164134 for CVE-2020-1736", url: "https://bugzilla.suse.com/1164134", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 2.2, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2020-1736", }, { cve: "CVE-2020-1737", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-1737", }, ], notes: [ { category: "general", text: "A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal. This issue is fixed in 2.10.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-1737", url: "https://www.suse.com/security/cve/CVE-2020-1737", }, { category: "external", summary: "SUSE Bug 1164138 for CVE-2020-1737", url: "https://bugzilla.suse.com/1164138", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2020-1737", }, { cve: "CVE-2020-1738", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-1738", }, ], notes: [ { category: "general", text: "A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-1738", url: "https://www.suse.com/security/cve/CVE-2020-1738", }, { category: "external", summary: "SUSE Bug 1164136 for CVE-2020-1738", url: "https://bugzilla.suse.com/1164136", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-1738", }, { cve: "CVE-2020-1739", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-1739", }, ], notes: [ { category: "general", text: "A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument \"password\" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-1739", url: "https://www.suse.com/security/cve/CVE-2020-1739", }, { category: "external", summary: "SUSE Bug 1164133 for CVE-2020-1739", url: "https://bugzilla.suse.com/1164133", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-1739", }, { cve: "CVE-2020-1740", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-1740", }, ], notes: [ { category: "general", text: "A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes \"ansible-vault edit\", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-1740", url: "https://www.suse.com/security/cve/CVE-2020-1740", }, { category: "external", summary: "SUSE Bug 1164135 for CVE-2020-1740", url: "https://bugzilla.suse.com/1164135", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.9, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2020-1740", }, { cve: "CVE-2020-1744", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-1744", }, ], notes: [ { category: "general", text: "A flaw was found in keycloak before version 9.0.1. When configuring an Conditional OTP Authentication Flow as a post login flow of an IDP, the failure login events for OTP are not being sent to the brute force protection event queue. So BruteForceProtector does not handle this events.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-1744", url: "https://www.suse.com/security/cve/CVE-2020-1744", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-1744", }, { cve: "CVE-2020-1746", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-1746", }, ], notes: [ { category: "general", text: "A flaw was found in the Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when the ldap_attr and ldap_entry community modules are used. The issue discloses the LDAP bind password to stdout or a log file if a playbook task is written using the bind_pw in the parameters field. The highest threat from this vulnerability is data confidentiality.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-1746", url: "https://www.suse.com/security/cve/CVE-2020-1746", }, { category: "external", summary: "SUSE Bug 1165393 for CVE-2020-1746", url: "https://bugzilla.suse.com/1165393", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-1746", }, { cve: "CVE-2020-1753", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-1753", }, ], notes: [ { category: "general", text: "A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all Ansible 2.8.x versions prior to 2.8.11 and all Ansible 2.9.x versions prior to 2.9.7, when managing kubernetes using the k8s module. Sensitive parameters such as passwords and tokens are passed to kubectl from the command line, not using an environment variable or an input configuration file. This will disclose passwords and tokens from process list and no_log directive from debug module would not have any effect making these secrets being disclosed on stdout and log files.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-1753", url: "https://www.suse.com/security/cve/CVE-2020-1753", }, { category: "external", summary: "SUSE Bug 1166389 for CVE-2020-1753", url: "https://bugzilla.suse.com/1166389", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-1753", }, { cve: "CVE-2021-20178", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-20178", }, ], notes: [ { category: "general", text: "A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-20178", url: "https://www.suse.com/security/cve/CVE-2021-20178", }, { category: "external", summary: "SUSE Bug 1180816 for CVE-2021-20178", url: "https://bugzilla.suse.com/1180816", }, { category: "external", summary: "SUSE Bug 1186493 for CVE-2021-20178", url: "https://bugzilla.suse.com/1186493", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2021-20178", }, { cve: "CVE-2021-20180", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-20180", }, ], notes: [ { category: "general", text: "A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-20180", url: "https://www.suse.com/security/cve/CVE-2021-20180", }, { category: "external", summary: "SUSE Bug 1180942 for CVE-2021-20180", url: "https://bugzilla.suse.com/1180942", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2021-20180", }, { cve: "CVE-2021-20191", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-20191", }, ], notes: [ { category: "general", text: "A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-20191", url: "https://www.suse.com/security/cve/CVE-2021-20191", }, { category: "external", summary: "SUSE Bug 1181119 for CVE-2021-20191", url: "https://bugzilla.suse.com/1181119", }, { category: "external", summary: "SUSE Bug 1181935 for CVE-2021-20191", url: "https://bugzilla.suse.com/1181935", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2021-20191", }, { cve: "CVE-2021-20228", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-20228", }, ], notes: [ { category: "general", text: "A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-20228", url: "https://www.suse.com/security/cve/CVE-2021-20228", }, { category: "external", summary: "SUSE Bug 1181935 for CVE-2021-20228", url: "https://bugzilla.suse.com/1181935", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2021-20228", }, { cve: "CVE-2021-3583", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-3583", }, ], notes: [ { category: "general", text: "A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters. This flaw allows attackers to perform command injection, which discloses sensitive information. The highest threat from this vulnerability is to confidentiality and integrity.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-3583", url: "https://www.suse.com/security/cve/CVE-2021-3583", }, { category: "external", summary: "SUSE Bug 1188061 for CVE-2021-3583", url: "https://bugzilla.suse.com/1188061", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x", "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2021-3583", }, ], }
opensuse-su-2024:14536-1
Vulnerability from csaf_opensuse
Published
2024-12-02 00:00
Modified
2024-12-02 00:00
Summary
ansible-10-10.6.0-1.1 on GA media
Notes
Title of the patch
ansible-10-10.6.0-1.1 on GA media
Description of the patch
These are all security issues fixed in the ansible-10-10.6.0-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-14536
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "ansible-10-10.6.0-1.1 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the ansible-10-10.6.0-1.1 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2024-14536", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_14536-1.json", }, { category: "self", summary: "URL for openSUSE-SU-2024:14536-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7LWEIR2LXW4QRWCY6HDMLUO2OTX5OZIC/", }, { category: "self", summary: "E-Mail link for openSUSE-SU-2024:14536-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7LWEIR2LXW4QRWCY6HDMLUO2OTX5OZIC/", }, { category: "self", summary: "SUSE CVE CVE-2014-4966 page", url: "https://www.suse.com/security/cve/CVE-2014-4966/", }, { category: "self", summary: "SUSE CVE CVE-2014-4967 page", url: "https://www.suse.com/security/cve/CVE-2014-4967/", }, { category: "self", summary: "SUSE CVE CVE-2015-3908 page", url: "https://www.suse.com/security/cve/CVE-2015-3908/", }, { category: "self", summary: "SUSE CVE CVE-2016-3096 page", url: "https://www.suse.com/security/cve/CVE-2016-3096/", }, { category: "self", summary: "SUSE CVE CVE-2016-9587 page", url: "https://www.suse.com/security/cve/CVE-2016-9587/", }, { category: "self", summary: "SUSE CVE CVE-2017-7466 page", url: "https://www.suse.com/security/cve/CVE-2017-7466/", }, { category: "self", summary: "SUSE CVE CVE-2017-7481 page", url: "https://www.suse.com/security/cve/CVE-2017-7481/", }, { category: "self", summary: "SUSE CVE CVE-2017-7550 page", url: "https://www.suse.com/security/cve/CVE-2017-7550/", }, { category: "self", summary: "SUSE CVE CVE-2018-10855 page", url: "https://www.suse.com/security/cve/CVE-2018-10855/", }, { category: "self", summary: "SUSE CVE CVE-2018-10875 page", url: "https://www.suse.com/security/cve/CVE-2018-10875/", }, { category: "self", summary: "SUSE CVE CVE-2018-16837 page", url: "https://www.suse.com/security/cve/CVE-2018-16837/", }, { category: "self", summary: "SUSE CVE CVE-2018-16859 page", url: "https://www.suse.com/security/cve/CVE-2018-16859/", }, { category: "self", summary: "SUSE CVE CVE-2018-16876 page", url: "https://www.suse.com/security/cve/CVE-2018-16876/", }, { category: "self", summary: "SUSE CVE CVE-2019-10156 page", url: "https://www.suse.com/security/cve/CVE-2019-10156/", }, { category: "self", summary: "SUSE CVE CVE-2019-10206 page", url: "https://www.suse.com/security/cve/CVE-2019-10206/", }, { category: "self", summary: "SUSE CVE CVE-2019-10217 page", url: "https://www.suse.com/security/cve/CVE-2019-10217/", }, { category: "self", summary: "SUSE CVE CVE-2019-14846 page", url: "https://www.suse.com/security/cve/CVE-2019-14846/", }, { category: "self", summary: "SUSE CVE CVE-2019-14856 page", url: "https://www.suse.com/security/cve/CVE-2019-14856/", }, { category: "self", summary: "SUSE CVE CVE-2019-14858 page", url: "https://www.suse.com/security/cve/CVE-2019-14858/", }, { category: "self", summary: "SUSE CVE CVE-2019-14864 page", url: "https://www.suse.com/security/cve/CVE-2019-14864/", }, { category: "self", summary: "SUSE CVE CVE-2019-14904 page", url: "https://www.suse.com/security/cve/CVE-2019-14904/", }, { category: "self", summary: "SUSE CVE CVE-2019-14905 page", url: "https://www.suse.com/security/cve/CVE-2019-14905/", }, { category: "self", summary: "SUSE CVE CVE-2019-3828 page", url: "https://www.suse.com/security/cve/CVE-2019-3828/", }, { category: "self", summary: "SUSE CVE CVE-2020-10684 page", url: "https://www.suse.com/security/cve/CVE-2020-10684/", }, { category: "self", summary: "SUSE CVE CVE-2020-10685 page", url: "https://www.suse.com/security/cve/CVE-2020-10685/", }, { category: "self", summary: "SUSE CVE CVE-2020-10691 page", url: "https://www.suse.com/security/cve/CVE-2020-10691/", }, { category: "self", summary: "SUSE CVE CVE-2020-10729 page", url: "https://www.suse.com/security/cve/CVE-2020-10729/", }, { category: "self", summary: "SUSE CVE CVE-2020-14330 page", url: "https://www.suse.com/security/cve/CVE-2020-14330/", }, { category: "self", summary: "SUSE CVE CVE-2020-14332 page", url: "https://www.suse.com/security/cve/CVE-2020-14332/", }, { category: "self", summary: "SUSE CVE CVE-2020-1733 page", url: "https://www.suse.com/security/cve/CVE-2020-1733/", }, { category: "self", summary: "SUSE CVE CVE-2020-1734 page", url: "https://www.suse.com/security/cve/CVE-2020-1734/", }, { category: "self", summary: "SUSE CVE CVE-2020-1735 page", url: "https://www.suse.com/security/cve/CVE-2020-1735/", }, { category: "self", summary: "SUSE CVE CVE-2020-1736 page", url: "https://www.suse.com/security/cve/CVE-2020-1736/", }, { category: "self", summary: "SUSE CVE CVE-2020-1737 page", url: "https://www.suse.com/security/cve/CVE-2020-1737/", }, { category: "self", summary: "SUSE CVE CVE-2020-1738 page", url: "https://www.suse.com/security/cve/CVE-2020-1738/", }, { category: "self", summary: "SUSE CVE CVE-2020-1739 page", url: "https://www.suse.com/security/cve/CVE-2020-1739/", }, { category: "self", summary: "SUSE CVE CVE-2020-1740 page", url: "https://www.suse.com/security/cve/CVE-2020-1740/", }, { category: "self", summary: "SUSE CVE CVE-2020-1744 page", url: "https://www.suse.com/security/cve/CVE-2020-1744/", }, { category: "self", summary: "SUSE CVE CVE-2020-1746 page", url: "https://www.suse.com/security/cve/CVE-2020-1746/", }, { category: "self", summary: "SUSE CVE CVE-2020-1753 page", url: "https://www.suse.com/security/cve/CVE-2020-1753/", }, { category: "self", summary: "SUSE CVE CVE-2021-20178 page", url: "https://www.suse.com/security/cve/CVE-2021-20178/", }, { category: "self", summary: "SUSE CVE CVE-2021-20180 page", url: "https://www.suse.com/security/cve/CVE-2021-20180/", }, { category: "self", summary: "SUSE CVE CVE-2021-20191 page", url: "https://www.suse.com/security/cve/CVE-2021-20191/", }, { category: "self", summary: "SUSE CVE CVE-2021-20228 page", url: "https://www.suse.com/security/cve/CVE-2021-20228/", }, { category: "self", summary: "SUSE CVE CVE-2021-3583 page", url: "https://www.suse.com/security/cve/CVE-2021-3583/", }, ], title: "ansible-10-10.6.0-1.1 on GA media", tracking: { current_release_date: "2024-12-02T00:00:00Z", generator: { date: "2024-12-02T00:00:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2024:14536-1", initial_release_date: "2024-12-02T00:00:00Z", revision_history: [ { date: "2024-12-02T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "ansible-10-10.6.0-1.1.aarch64", product: { name: "ansible-10-10.6.0-1.1.aarch64", product_id: "ansible-10-10.6.0-1.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "ansible-10-10.6.0-1.1.ppc64le", product: { name: "ansible-10-10.6.0-1.1.ppc64le", product_id: "ansible-10-10.6.0-1.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "ansible-10-10.6.0-1.1.s390x", product: { name: "ansible-10-10.6.0-1.1.s390x", product_id: "ansible-10-10.6.0-1.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "ansible-10-10.6.0-1.1.x86_64", product: { name: "ansible-10-10.6.0-1.1.x86_64", product_id: "ansible-10-10.6.0-1.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ansible-10-10.6.0-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", }, product_reference: "ansible-10-10.6.0-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ansible-10-10.6.0-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", }, product_reference: "ansible-10-10.6.0-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ansible-10-10.6.0-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", }, product_reference: "ansible-10-10.6.0-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ansible-10-10.6.0-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", }, product_reference: "ansible-10-10.6.0-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2014-4966", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-4966", }, ], notes: [ { category: "general", text: "Ansible before 1.6.7 does not prevent inventory data with \"{{\" and \"lookup\" substrings, and does not prevent remote data with \"{{\" substrings, which allows remote attackers to execute arbitrary code via (1) crafted lookup('pipe') calls or (2) crafted Jinja2 data.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-4966", url: "https://www.suse.com/security/cve/CVE-2014-4966", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-12-02T00:00:00Z", details: "moderate", }, ], title: "CVE-2014-4966", }, { cve: "CVE-2014-4967", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-4967", }, ], notes: [ { category: "general", text: "Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow remote attackers to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as demonstrated by a fact with (1) a trailing \" src=\" clause, (2) a trailing \" temp=\" clause, or (3) a trailing \" validate=\" clause accompanied by a shell command.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-4967", url: "https://www.suse.com/security/cve/CVE-2014-4967", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-12-02T00:00:00Z", details: "moderate", }, ], title: "CVE-2014-4967", }, { cve: "CVE-2015-3908", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-3908", }, ], notes: [ { category: "general", text: "Ansible before 1.9.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-3908", url: "https://www.suse.com/security/cve/CVE-2015-3908", }, { category: "external", summary: "SUSE Bug 938161 for CVE-2015-3908", url: "https://bugzilla.suse.com/938161", }, { category: "external", summary: "SUSE Bug 938399 for CVE-2015-3908", url: "https://bugzilla.suse.com/938399", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-12-02T00:00:00Z", details: "important", }, ], title: "CVE-2015-3908", }, { cve: "CVE-2016-3096", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-3096", }, ], notes: [ { category: "general", text: "The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in the archive_path directory, or the (3) lxc-attach-script.log or (4) lxc-attach-script.err files in the temporary directory.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-3096", url: "https://www.suse.com/security/cve/CVE-2016-3096", }, { category: "external", summary: "SUSE Bug 973546 for CVE-2016-3096", url: "https://bugzilla.suse.com/973546", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-12-02T00:00:00Z", details: "important", }, ], title: "CVE-2016-3096", }, { cve: "CVE-2016-9587", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-9587", }, ], notes: [ { category: "general", text: "Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-9587", url: "https://www.suse.com/security/cve/CVE-2016-9587", }, { category: "external", summary: "SUSE Bug 1019021 for CVE-2016-9587", url: "https://bugzilla.suse.com/1019021", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-12-02T00:00:00Z", details: "important", }, ], title: "CVE-2016-9587", }, { cve: "CVE-2017-7466", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-7466", }, ], notes: [ { category: "general", text: "Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-7466", url: "https://www.suse.com/security/cve/CVE-2017-7466", }, { category: "external", summary: "SUSE Bug 1019021 for CVE-2017-7466", url: "https://bugzilla.suse.com/1019021", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-12-02T00:00:00Z", details: "important", }, ], title: "CVE-2017-7466", }, { cve: "CVE-2017-7481", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-7481", }, ], notes: [ { category: "general", text: "Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templating language is now marked as 'unsafe' and is not evaluated.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-7481", url: "https://www.suse.com/security/cve/CVE-2017-7481", }, { category: "external", summary: "SUSE Bug 1038785 for CVE-2017-7481", url: "https://bugzilla.suse.com/1038785", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-12-02T00:00:00Z", details: "moderate", }, ], title: "CVE-2017-7481", }, { cve: "CVE-2017-7550", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-7550", }, ], notes: [ { category: "general", text: "A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive information from a remote host's logs. This flaw was fixed by not allowing passwords to be specified in the \"params\" argument, and noting this in the module documentation.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-7550", url: "https://www.suse.com/security/cve/CVE-2017-7550", }, { category: "external", summary: "SUSE Bug 1035124 for CVE-2017-7550", url: "https://bugzilla.suse.com/1035124", }, { category: "external", summary: "SUSE Bug 1065872 for CVE-2017-7550", url: "https://bugzilla.suse.com/1065872", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-12-02T00:00:00Z", details: "important", }, ], title: "CVE-2017-7550", }, { cve: "CVE-2018-10855", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-10855", }, ], notes: [ { category: "general", text: "Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-10855", url: "https://www.suse.com/security/cve/CVE-2018-10855", }, { category: "external", summary: "SUSE Bug 1097775 for CVE-2018-10855", url: "https://bugzilla.suse.com/1097775", }, { category: "external", summary: "SUSE Bug 1099808 for CVE-2018-10855", url: "https://bugzilla.suse.com/1099808", }, { category: "external", summary: "SUSE Bug 1109957 for CVE-2018-10855", url: "https://bugzilla.suse.com/1109957", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-12-02T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-10855", }, { cve: "CVE-2018-10875", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-10875", }, ], notes: [ { category: "general", text: "A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-10875", url: "https://www.suse.com/security/cve/CVE-2018-10875", }, { category: "external", summary: "SUSE Bug 1099808 for CVE-2018-10875", url: "https://bugzilla.suse.com/1099808", }, { category: "external", summary: "SUSE Bug 1109957 for CVE-2018-10875", url: "https://bugzilla.suse.com/1109957", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-12-02T00:00:00Z", details: "important", }, ], title: "CVE-2018-10875", }, { cve: "CVE-2018-16837", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-16837", }, ], notes: [ { category: "general", text: "Ansible \"User\" module leaks any data which is passed on as a parameter to ssh-keygen. This could lean in undesirable situations such as passphrases credentials passed as a parameter for the ssh-keygen executable. Showing those credentials in clear text form for every user which have access just to the process list.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-16837", url: "https://www.suse.com/security/cve/CVE-2018-16837", }, { category: "external", summary: "SUSE Bug 1112959 for CVE-2018-16837", url: "https://bugzilla.suse.com/1112959", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-12-02T00:00:00Z", details: "important", }, ], title: "CVE-2018-16837", }, { cve: "CVE-2018-16859", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-16859", }, ], notes: [ { category: "general", text: "Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for 'become' passwords to appear in EventLogs in plaintext. A local user with administrator privileges on the machine can view these logs and discover the plaintext password. Ansible Engine 2.8 and older are believed to be vulnerable.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-16859", url: "https://www.suse.com/security/cve/CVE-2018-16859", }, { category: "external", summary: "SUSE Bug 1109957 for CVE-2018-16859", url: "https://bugzilla.suse.com/1109957", }, { category: "external", summary: "SUSE Bug 1116587 for CVE-2018-16859", url: "https://bugzilla.suse.com/1116587", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-12-02T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-16859", }, { cve: "CVE-2018-16876", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-16876", }, ], notes: [ { category: "general", text: "ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-16876", url: "https://www.suse.com/security/cve/CVE-2018-16876", }, { category: "external", summary: "SUSE Bug 1109957 for CVE-2018-16876", url: "https://bugzilla.suse.com/1109957", }, { category: "external", summary: "SUSE Bug 1118896 for CVE-2018-16876", url: "https://bugzilla.suse.com/1118896", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.1, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-12-02T00:00:00Z", details: "low", }, ], title: "CVE-2018-16876", }, { cve: "CVE-2019-10156", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-10156", }, ], notes: [ { category: "general", text: "A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be disclosed.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-10156", url: "https://www.suse.com/security/cve/CVE-2019-10156", }, { category: "external", summary: "SUSE Bug 1137528 for CVE-2019-10156", url: "https://bugzilla.suse.com/1137528", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-12-02T00:00:00Z", details: "moderate", }, ], title: "CVE-2019-10156", }, { cve: "CVE-2019-10206", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-10206", }, ], notes: [ { category: "general", text: "ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-10206", url: "https://www.suse.com/security/cve/CVE-2019-10206", }, { category: "external", summary: "SUSE Bug 1142690 for CVE-2019-10206", url: "https://bugzilla.suse.com/1142690", }, { category: "external", summary: "SUSE Bug 1154232 for CVE-2019-10206", url: "https://bugzilla.suse.com/1154232", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-12-02T00:00:00Z", details: "moderate", }, ], title: "CVE-2019-10206", }, { cve: "CVE-2019-10217", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-10217", }, ], notes: [ { category: "general", text: "A flaw was found in ansible 2.8.0 before 2.8.4. Fields managing sensitive data should be set as such by no_log feature. Some of these fields in GCP modules are not set properly. service_account_contents() which is common class for all gcp modules is not setting no_log to True. Any sensitive data managed by that function would be leak as an output when running ansible playbooks.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-10217", url: "https://www.suse.com/security/cve/CVE-2019-10217", }, { category: "external", summary: "SUSE Bug 1144453 for CVE-2019-10217", url: "https://bugzilla.suse.com/1144453", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-12-02T00:00:00Z", details: "moderate", }, ], title: "CVE-2019-10217", }, { cve: "CVE-2019-14846", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-14846", }, ], notes: [ { category: "general", text: "In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-14846", url: "https://www.suse.com/security/cve/CVE-2019-14846", }, { category: "external", summary: "SUSE Bug 1153452 for CVE-2019-14846", url: "https://bugzilla.suse.com/1153452", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 2.3, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-12-02T00:00:00Z", details: "low", }, ], title: "CVE-2019-14846", }, { cve: "CVE-2019-14856", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-14856", }, ], notes: [ { category: "general", text: "ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a None", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-14856", url: "https://www.suse.com/security/cve/CVE-2019-14856", }, { category: "external", summary: "SUSE Bug 1154232 for CVE-2019-14856", url: "https://bugzilla.suse.com/1154232", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 2.3, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-12-02T00:00:00Z", details: "low", }, ], title: "CVE-2019-14856", }, { cve: "CVE-2019-14858", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-14858", }, ], notes: [ { category: "general", text: "A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. When a module has an argument_spec with sub parameters marked as no_log, passing an invalid parameter name to the module will cause the task to fail before the no_log options in the sub parameters are processed. As a result, data in the sub parameter fields will not be masked and will be displayed if Ansible is run with increased verbosity and present in the module invocation arguments for the task.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-14858", url: "https://www.suse.com/security/cve/CVE-2019-14858", }, { category: "external", summary: "SUSE Bug 1154231 for CVE-2019-14858", url: "https://bugzilla.suse.com/1154231", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 2.3, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-12-02T00:00:00Z", details: "low", }, ], title: "CVE-2019-14858", }, { cve: "CVE-2019-14864", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-14864", }, ], notes: [ { category: "general", text: "Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. This would discloses and collects any sensitive data.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-14864", url: "https://www.suse.com/security/cve/CVE-2019-14864", }, { category: "external", summary: "SUSE Bug 1154830 for CVE-2019-14864", url: "https://bugzilla.suse.com/1154830", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-12-02T00:00:00Z", details: "moderate", }, ], title: "CVE-2019-14864", }, { cve: "CVE-2019-14904", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-14904", }, ], notes: [ { category: "general", text: "A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and executing arbitrary commands in the remote host. Ansible Engine 2.7.15, 2.8.7, and 2.9.2 as well as previous versions are affected.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-14904", url: "https://www.suse.com/security/cve/CVE-2019-14904", }, { category: "external", summary: "SUSE Bug 1157968 for CVE-2019-14904", url: "https://bugzilla.suse.com/1157968", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-12-02T00:00:00Z", details: "important", }, ], title: "CVE-2019-14904", }, { cve: "CVE-2019-14905", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-14905", }, ], notes: [ { category: "general", text: "A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS command injections. This could result in a loss of confidentiality of the system among other issues.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-14905", url: "https://www.suse.com/security/cve/CVE-2019-14905", }, { category: "external", summary: "SUSE Bug 1157969 for CVE-2019-14905", url: "https://bugzilla.suse.com/1157969", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-12-02T00:00:00Z", details: "important", }, ], title: "CVE-2019-14905", }, { cve: "CVE-2019-3828", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-3828", }, ], notes: [ { category: "general", text: "Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-3828", url: "https://www.suse.com/security/cve/CVE-2019-3828", }, { category: "external", summary: "SUSE Bug 1126503 for CVE-2019-3828", url: "https://bugzilla.suse.com/1126503", }, { category: "external", summary: "SUSE Bug 1164137 for CVE-2019-3828", url: "https://bugzilla.suse.com/1164137", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-12-02T00:00:00Z", details: "moderate", }, ], title: "CVE-2019-3828", }, { cve: "CVE-2020-10684", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-10684", }, ], notes: [ { category: "general", text: "A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansible_facts after the clean. An attacker could take advantage of this by altering the ansible_facts, such as ansible_hosts, users and any other key data which would lead into privilege escalation or code injection.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-10684", url: "https://www.suse.com/security/cve/CVE-2020-10684", }, { category: "external", summary: "SUSE Bug 1167532 for CVE-2020-10684", url: "https://bugzilla.suse.com/1167532", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-12-02T00:00:00Z", details: "important", }, ], title: "CVE-2020-10684", }, { cve: "CVE-2020-10685", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-10685", }, ], notes: [ { category: "general", text: "A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory is created in /tmp leaves the s ts unencrypted. On Operating Systems which /tmp is not a tmpfs but part of the root partition, the directory is only cleared on boot and the decryp emains when the host is switched off. The system will be vulnerable when the system is not running. So decrypted data must be cleared as soon as possible and the data which normally is encrypted ble.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-10685", url: "https://www.suse.com/security/cve/CVE-2020-10685", }, { category: "external", summary: "SUSE Bug 1167440 for CVE-2020-10685", url: "https://bugzilla.suse.com/1167440", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-12-02T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-10685", }, { cve: "CVE-2020-10691", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-10691", }, ], notes: [ { category: "general", text: "An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. An attacker could take advantage to overwrite any file within the system.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-10691", url: "https://www.suse.com/security/cve/CVE-2020-10691", }, { category: "external", summary: "SUSE Bug 1167873 for CVE-2020-10691", url: "https://bugzilla.suse.com/1167873", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-12-02T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-10691", }, { cve: "CVE-2020-10729", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-10729", }, ], notes: [ { category: "general", text: "A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the equal value as the template caching action for the same file since no re-evaluation happens. The highest threat from this vulnerability would be that all passwords are exposed at once for the file. This flaw affects Ansible Engine versions before 2.9.6.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-10729", url: "https://www.suse.com/security/cve/CVE-2020-10729", }, { category: "external", summary: "SUSE Bug 1171162 for CVE-2020-10729", url: "https://bugzilla.suse.com/1171162", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-12-02T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-10729", }, { cve: "CVE-2020-14330", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-14330", }, ], notes: [ { category: "general", text: "An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest threat from this vulnerability is to data confidentiality.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-14330", url: "https://www.suse.com/security/cve/CVE-2020-14330", }, { category: "external", summary: "SUSE Bug 1174145 for CVE-2020-14330", url: "https://bugzilla.suse.com/1174145", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-12-02T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-14330", }, { cve: "CVE-2020-14332", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-14332", }, ], notes: [ { category: "general", text: "A flaw was found in the Ansible Engine when using module_args. Tasks executed with check mode (--check-mode) do not properly neutralize sensitive data exposed in the event data. This flaw allows unauthorized users to read this data. The highest threat from this vulnerability is to confidentiality.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-14332", url: "https://www.suse.com/security/cve/CVE-2020-14332", }, { category: "external", summary: "SUSE Bug 1174302 for CVE-2020-14332", url: "https://bugzilla.suse.com/1174302", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-12-02T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-14332", }, { cve: "CVE-2020-1733", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-1733", }, ], notes: [ { category: "general", text: "A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with \"umask 77 && mkdir -p <dir>\"; this operation does not fail if the directory already exists and is owned by another user. An attacker could take advantage to gain control of the become user as the target directory can be retrieved by iterating '/proc/<pid>/cmdline'.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-1733", url: "https://www.suse.com/security/cve/CVE-2020-1733", }, { category: "external", summary: "SUSE Bug 1164140 for CVE-2020-1733", url: "https://bugzilla.suse.com/1164140", }, { category: "external", summary: "SUSE Bug 1171823 for CVE-2020-1733", url: "https://bugzilla.suse.com/1171823", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-12-02T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-1733", }, { cve: "CVE-2020-1734", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-1734", }, ], notes: [ { category: "general", text: "A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by overwriting the ansible facts.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-1734", url: "https://www.suse.com/security/cve/CVE-2020-1734", }, { category: "external", summary: "SUSE Bug 1164139 for CVE-2020-1734", url: "https://bugzilla.suse.com/1164139", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-12-02T00:00:00Z", details: "important", }, ], title: "CVE-2020-1734", }, { cve: "CVE-2020-1735", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-1735", }, ], notes: [ { category: "general", text: "A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-1735", url: "https://www.suse.com/security/cve/CVE-2020-1735", }, { category: "external", summary: "SUSE Bug 1164137 for CVE-2020-1735", url: "https://bugzilla.suse.com/1164137", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-12-02T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-1735", }, { cve: "CVE-2020-1736", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-1736", }, ], notes: [ { category: "general", text: "A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions before the move. This could lead to the disclosure of sensitive data. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-1736", url: "https://www.suse.com/security/cve/CVE-2020-1736", }, { category: "external", summary: "SUSE Bug 1164134 for CVE-2020-1736", url: "https://bugzilla.suse.com/1164134", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 2.2, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-12-02T00:00:00Z", details: "low", }, ], title: "CVE-2020-1736", }, { cve: "CVE-2020-1737", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-1737", }, ], notes: [ { category: "general", text: "A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal. This issue is fixed in 2.10.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-1737", url: "https://www.suse.com/security/cve/CVE-2020-1737", }, { category: "external", summary: "SUSE Bug 1164138 for CVE-2020-1737", url: "https://bugzilla.suse.com/1164138", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-12-02T00:00:00Z", details: "important", }, ], title: "CVE-2020-1737", }, { cve: "CVE-2020-1738", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-1738", }, ], notes: [ { category: "general", text: "A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-1738", url: "https://www.suse.com/security/cve/CVE-2020-1738", }, { category: "external", summary: "SUSE Bug 1164136 for CVE-2020-1738", url: "https://bugzilla.suse.com/1164136", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-12-02T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-1738", }, { cve: "CVE-2020-1739", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-1739", }, ], notes: [ { category: "general", text: "A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument \"password\" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-1739", url: "https://www.suse.com/security/cve/CVE-2020-1739", }, { category: "external", summary: "SUSE Bug 1164133 for CVE-2020-1739", url: "https://bugzilla.suse.com/1164133", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-12-02T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-1739", }, { cve: "CVE-2020-1740", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-1740", }, ], notes: [ { category: "general", text: "A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes \"ansible-vault edit\", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-1740", url: "https://www.suse.com/security/cve/CVE-2020-1740", }, { category: "external", summary: "SUSE Bug 1164135 for CVE-2020-1740", url: "https://bugzilla.suse.com/1164135", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.9, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-12-02T00:00:00Z", details: "low", }, ], title: "CVE-2020-1740", }, { cve: "CVE-2020-1744", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-1744", }, ], notes: [ { category: "general", text: "A flaw was found in keycloak before version 9.0.1. When configuring an Conditional OTP Authentication Flow as a post login flow of an IDP, the failure login events for OTP are not being sent to the brute force protection event queue. So BruteForceProtector does not handle this events.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-1744", url: "https://www.suse.com/security/cve/CVE-2020-1744", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-12-02T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-1744", }, { cve: "CVE-2020-1746", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-1746", }, ], notes: [ { category: "general", text: "A flaw was found in the Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when the ldap_attr and ldap_entry community modules are used. The issue discloses the LDAP bind password to stdout or a log file if a playbook task is written using the bind_pw in the parameters field. The highest threat from this vulnerability is data confidentiality.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-1746", url: "https://www.suse.com/security/cve/CVE-2020-1746", }, { category: "external", summary: "SUSE Bug 1165393 for CVE-2020-1746", url: "https://bugzilla.suse.com/1165393", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-12-02T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-1746", }, { cve: "CVE-2020-1753", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-1753", }, ], notes: [ { category: "general", text: "A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all Ansible 2.8.x versions prior to 2.8.11 and all Ansible 2.9.x versions prior to 2.9.7, when managing kubernetes using the k8s module. Sensitive parameters such as passwords and tokens are passed to kubectl from the command line, not using an environment variable or an input configuration file. This will disclose passwords and tokens from process list and no_log directive from debug module would not have any effect making these secrets being disclosed on stdout and log files.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-1753", url: "https://www.suse.com/security/cve/CVE-2020-1753", }, { category: "external", summary: "SUSE Bug 1166389 for CVE-2020-1753", url: "https://bugzilla.suse.com/1166389", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-12-02T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-1753", }, { cve: "CVE-2021-20178", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-20178", }, ], notes: [ { category: "general", text: "A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-20178", url: "https://www.suse.com/security/cve/CVE-2021-20178", }, { category: "external", summary: "SUSE Bug 1180816 for CVE-2021-20178", url: "https://bugzilla.suse.com/1180816", }, { category: "external", summary: "SUSE Bug 1186493 for CVE-2021-20178", url: "https://bugzilla.suse.com/1186493", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-12-02T00:00:00Z", details: "moderate", }, ], title: "CVE-2021-20178", }, { cve: "CVE-2021-20180", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-20180", }, ], notes: [ { category: "general", text: "A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-20180", url: "https://www.suse.com/security/cve/CVE-2021-20180", }, { category: "external", summary: "SUSE Bug 1180942 for CVE-2021-20180", url: "https://bugzilla.suse.com/1180942", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-12-02T00:00:00Z", details: "moderate", }, ], title: "CVE-2021-20180", }, { cve: "CVE-2021-20191", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-20191", }, ], notes: [ { category: "general", text: "A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-20191", url: "https://www.suse.com/security/cve/CVE-2021-20191", }, { category: "external", summary: "SUSE Bug 1181119 for CVE-2021-20191", url: "https://bugzilla.suse.com/1181119", }, { category: "external", summary: "SUSE Bug 1181935 for CVE-2021-20191", url: "https://bugzilla.suse.com/1181935", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-12-02T00:00:00Z", details: "moderate", }, ], title: "CVE-2021-20191", }, { cve: "CVE-2021-20228", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-20228", }, ], notes: [ { category: "general", text: "A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-20228", url: "https://www.suse.com/security/cve/CVE-2021-20228", }, { category: "external", summary: "SUSE Bug 1181935 for CVE-2021-20228", url: "https://bugzilla.suse.com/1181935", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-12-02T00:00:00Z", details: "moderate", }, ], title: "CVE-2021-20228", }, { cve: "CVE-2021-3583", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-3583", }, ], notes: [ { category: "general", text: "A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters. This flaw allows attackers to perform command injection, which discloses sensitive information. The highest threat from this vulnerability is to confidentiality and integrity.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-3583", url: "https://www.suse.com/security/cve/CVE-2021-3583", }, { category: "external", summary: "SUSE Bug 1188061 for CVE-2021-3583", url: "https://bugzilla.suse.com/1188061", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x", "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-12-02T00:00:00Z", details: "moderate", }, ], title: "CVE-2021-3583", }, ], }
opensuse-su-2022:0081-1
Vulnerability from csaf_opensuse
Published
2022-03-16 16:09
Modified
2022-03-16 16:09
Summary
Security update for ansible
Notes
Title of the patch
Security update for ansible
Description of the patch
Ansible was updated to 2.9.21 to fix lots of bugs and security issues.
Update to version 2.9.20, maintenance release containing numerous bugfixes.
Update to version 2.9.19 with minor changes and a few bug fixes.
Update to version 2.9.18:
* CVE-2021-20228 where default and fallback values for no_log parameters
to modules were not previously masked. (bsc#1181935)
* CVE-2021-20178 where several parameters to the snmp_facts module were
logged and displayed despite containing sensitive information. (bsc#1180816)
* CVE-2021-20180 where several parameters to the
bitbucket_pipeline_variable were logged and displayed despite
containing sensitive information. (bsc#1180942)
* CVE-2021-20191 which addresses a number of modules whose parameters
were logged and displayed despite containing sensitive
information. For the full list of affected modules, refer to the
changelog linked below. (bsc#1181119)
Update to version 2.9.17 with minor changes and a few bug fixes.
Update to version 2.9.16 with minor changes and many bug fixes.
update to version 2.9.15 with following breaking change:
* ansible-galaxy login command has been removed
update to version 2.9.14 with many small improvements and bug fixes,
most notably:
* kubectl - connection plugin now redact kubectl_token and
kubectl_password in console log (CVE-2020-1753 bsc#1166389).
update to version 2.9.13 with many bug fixes, most notably:
* A security issue was addressed in the 'dnf' module, which previously
did not check GPG signatures of packages.
* A bug in the 'cron' module was fixed. In some cases prior to this
fix, the module would inadvertently remove cron entries.
update to version 2.9.12 with many bug fixes,
most notably the following security fixes:
* security issue - copy - Redact the value of the no_log 'content'
parameter in the result's invocation.module_args in check mode.
Previously when used with check mode and with '-vvv', the module would
not censor the content if a change would be made to the destination path.
(CVE-2020-14332 bsc#1174302)
* security issue atomic_move - change default permissions when creating
temporary files so they are not world readable
(https://github.com/ansible/ansible/issues/67794) (CVE-2020-1736 bsc#1164134)
* Fix warning for default permission change when no mode is specified.
Follow up to https://github.com/ansible/ansible/issues/67794.
(CVE-2020-1736)
* Sanitize no_log values from any response keys that might be returned
from the uri module (CVE-2020-14330 bsc#1174145).
* reset logging level to INFO due to CVE-2019-14846.
update to version 2.9.11 with many bug fixes
update to version 2.9.10 with many bug fixes.
- Add CVE-2020-1733_avoid_mkdir_p.patch to fix CVE-2020-1733
(bsc#1164140)
update to version 2.9.9
* fix for a regression introduced in 2.9.8
update to version 2.9.8, maintenance release containing numerous bugfixes
update to version 2.9.7 with many bug fixes,
especially for these security issues:
- bsc#1164140 CVE-2020-1733 - insecure temporary directory when
running become_user from become directive
- bsc#1164139 CVE-2020-1734 shell enabled by default in a pipe
lookup plugin subprocess
- bsc#1164137 CVE-2020-1735 - path injection on dest parameter
in fetch module
- bsc#1164134 CVE-2020-1736 atomic_move primitive sets
permissive permissions
- bsc#1164138 CVE-2020-1737 - Extract-Zip function in win_unzip
module does not check extracted path
- bsc#1164136 CVE-2020-1738 module package can be selected by
the ansible facts
- bsc#1164133 CVE-2020-1739 - svn module leaks password when
specified as a parameter
- bsc#1164135 CVE-2020-1740 - secrets readable after
ansible-vault edit
- bsc#1165393 CVE-2020-1746 - information disclosure issue in
ldap_attr and ldap_entry modules
- bsc#1166389 CVE-2020-1753 - kubectl connection plugin leaks
sensitive information
- bsc#1167532 CVE-2020-10684 - code injection when using
ansible_facts as a subkey
- bsc#1167440 CVE-2020-10685 - modules which use files
encrypted with vault are not properly cleaned up
- bsc#1167873 CVE-2020-10691 - archive traversal vulnerability in ansible-galaxy collection install [2]
Fixed before 2.9.6, but not yet listed:
- bsc#1171162 CVE-2020-10729 two random password lookups in
same task return same value
- bsc#1157968 CVE-2019-14904 vulnerability in solaris_zone
module via crafted solaris zone
- bsc#1157969 CVE-2019-14905 malicious code could craft
filename in nxos_file_copy module
- bsc#1112959 CVE-2018-16837 Information leak in 'user' module patch added
- (bsc#1137528) CVE-2019-10156: ansible: templating causing an
- bsc#1118896 CVE-2018-16876 Information disclosure in vvv+ mode with no_log on (https://github.com/ansible/ansible/pull/49569)
- Includes fix for bsc#1099808 (CVE-2018-10875) ansible.cfg is being read
from current working directory allowing possible code execution
Patchnames
openSUSE-2022-81
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for ansible", title: "Title of the patch", }, { category: "description", text: "\nAnsible was updated to 2.9.21 to fix lots of bugs and security issues.\n\nUpdate to version 2.9.20, maintenance release containing numerous bugfixes.\n\nUpdate to version 2.9.19 with minor changes and a few bug fixes.\n\nUpdate to version 2.9.18:\n\n* CVE-2021-20228 where default and fallback values for no_log parameters\n to modules were not previously masked. (bsc#1181935)\n* CVE-2021-20178 where several parameters to the snmp_facts module were\n logged and displayed despite containing sensitive information. (bsc#1180816)\n* CVE-2021-20180 where several parameters to the\n bitbucket_pipeline_variable were logged and displayed despite\n containing sensitive information. (bsc#1180942)\n* CVE-2021-20191 which addresses a number of modules whose parameters\n were logged and displayed despite containing sensitive\n information. For the full list of affected modules, refer to the\n changelog linked below. (bsc#1181119)\n \nUpdate to version 2.9.17 with minor changes and a few bug fixes.\n\nUpdate to version 2.9.16 with minor changes and many bug fixes.\n\nupdate to version 2.9.15 with following breaking change:\n\n* ansible-galaxy login command has been removed\n\nupdate to version 2.9.14 with many small improvements and bug fixes,\nmost notably:\n\n* kubectl - connection plugin now redact kubectl_token and \n kubectl_password in console log (CVE-2020-1753 bsc#1166389).\n\nupdate to version 2.9.13 with many bug fixes, most notably:\n\n* A security issue was addressed in the 'dnf' module, which previously\n did not check GPG signatures of packages.\n* A bug in the 'cron' module was fixed. In some cases prior to this\n fix, the module would inadvertently remove cron entries.\n\nupdate to version 2.9.12 with many bug fixes,\nmost notably the following security fixes:\n\n* security issue - copy - Redact the value of the no_log 'content' \n parameter in the result's invocation.module_args in check mode. \n Previously when used with check mode and with '-vvv', the module would \n not censor the content if a change would be made to the destination path. \n (CVE-2020-14332 bsc#1174302)\n* security issue atomic_move - change default permissions when creating \n temporary files so they are not world readable \n (https://github.com/ansible/ansible/issues/67794) (CVE-2020-1736 bsc#1164134)\n* Fix warning for default permission change when no mode is specified. \n Follow up to https://github.com/ansible/ansible/issues/67794. \n (CVE-2020-1736)\n* Sanitize no_log values from any response keys that might be returned \n from the uri module (CVE-2020-14330 bsc#1174145).\n* reset logging level to INFO due to CVE-2019-14846.\n\nupdate to version 2.9.11 with many bug fixes\n\nupdate to version 2.9.10 with many bug fixes.\n\n- Add CVE-2020-1733_avoid_mkdir_p.patch to fix CVE-2020-1733\n (bsc#1164140)\n\nupdate to version 2.9.9\n\n* fix for a regression introduced in 2.9.8\n\nupdate to version 2.9.8, maintenance release containing numerous bugfixes\n\nupdate to version 2.9.7 with many bug fixes,\nespecially for these security issues:\n\n- bsc#1164140 CVE-2020-1733 - insecure temporary directory when\n running become_user from become directive\n- bsc#1164139 CVE-2020-1734 shell enabled by default in a pipe\n lookup plugin subprocess\n- bsc#1164137 CVE-2020-1735 - path injection on dest parameter\n in fetch module\n- bsc#1164134 CVE-2020-1736 atomic_move primitive sets\n permissive permissions\n- bsc#1164138 CVE-2020-1737 - Extract-Zip function in win_unzip\n module does not check extracted path\n- bsc#1164136 CVE-2020-1738 module package can be selected by\n the ansible facts\n- bsc#1164133 CVE-2020-1739 - svn module leaks password when\n specified as a parameter\n- bsc#1164135 CVE-2020-1740 - secrets readable after\n ansible-vault edit\n- bsc#1165393 CVE-2020-1746 - information disclosure issue in\n ldap_attr and ldap_entry modules\n- bsc#1166389 CVE-2020-1753 - kubectl connection plugin leaks\n sensitive information\n- bsc#1167532 CVE-2020-10684 - code injection when using\n ansible_facts as a subkey\n- bsc#1167440 CVE-2020-10685 - modules which use files\n encrypted with vault are not properly cleaned up\n- bsc#1167873 CVE-2020-10691 - archive traversal vulnerability in ansible-galaxy collection install [2]\n\nFixed before 2.9.6, but not yet listed:\n- bsc#1171162 CVE-2020-10729 two random password lookups in\n same task return same value\n- bsc#1157968 CVE-2019-14904 vulnerability in solaris_zone\n module via crafted solaris zone\n- bsc#1157969 CVE-2019-14905 malicious code could craft\n filename in nxos_file_copy module\n- bsc#1112959 CVE-2018-16837 Information leak in 'user' module patch added\n- (bsc#1137528) CVE-2019-10156: ansible: templating causing an\n- bsc#1118896 CVE-2018-16876 Information disclosure in vvv+ mode with no_log on (https://github.com/ansible/ansible/pull/49569)\n- Includes fix for bsc#1099808 (CVE-2018-10875) ansible.cfg is being read\n from current working directory allowing possible code execution\n", title: "Description of the patch", }, { category: "details", text: "openSUSE-2022-81", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2022_0081-1.json", }, { category: "self", summary: "URL for openSUSE-SU-2022:0081-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/D7KK2SNPNAB353QA6BU4SNJDQ3FXZOY5/", }, { category: "self", summary: "E-Mail link for openSUSE-SU-2022:0081-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/D7KK2SNPNAB353QA6BU4SNJDQ3FXZOY5/", }, { category: "self", summary: "SUSE Bug 1099808", url: "https://bugzilla.suse.com/1099808", }, { category: "self", summary: "SUSE Bug 1112959", url: "https://bugzilla.suse.com/1112959", }, { category: "self", summary: "SUSE Bug 1118896", url: "https://bugzilla.suse.com/1118896", }, { category: "self", summary: "SUSE Bug 1126503", url: "https://bugzilla.suse.com/1126503", }, { category: "self", summary: "SUSE Bug 1137528", url: "https://bugzilla.suse.com/1137528", }, { category: "self", summary: "SUSE Bug 1157968", url: "https://bugzilla.suse.com/1157968", }, { category: "self", summary: "SUSE Bug 1157969", url: "https://bugzilla.suse.com/1157969", }, { category: "self", summary: "SUSE Bug 1164133", url: "https://bugzilla.suse.com/1164133", }, { category: "self", summary: "SUSE Bug 1164134", url: "https://bugzilla.suse.com/1164134", }, { category: "self", summary: "SUSE Bug 1164135", url: "https://bugzilla.suse.com/1164135", }, { category: "self", summary: "SUSE Bug 1164136", url: "https://bugzilla.suse.com/1164136", }, { category: "self", summary: "SUSE Bug 1164137", url: "https://bugzilla.suse.com/1164137", }, { category: "self", summary: "SUSE Bug 1164138", url: "https://bugzilla.suse.com/1164138", }, { category: "self", summary: "SUSE Bug 1164139", url: "https://bugzilla.suse.com/1164139", }, { category: "self", summary: "SUSE Bug 1164140", url: "https://bugzilla.suse.com/1164140", }, { category: "self", summary: "SUSE Bug 1165393", url: "https://bugzilla.suse.com/1165393", }, { category: "self", summary: "SUSE Bug 1166389", url: "https://bugzilla.suse.com/1166389", }, { category: "self", summary: "SUSE Bug 1167440", url: "https://bugzilla.suse.com/1167440", }, { category: "self", summary: "SUSE Bug 1167532", url: "https://bugzilla.suse.com/1167532", }, { category: "self", summary: "SUSE Bug 1167873", url: "https://bugzilla.suse.com/1167873", }, { category: "self", summary: "SUSE Bug 1171162", url: "https://bugzilla.suse.com/1171162", }, { category: "self", summary: "SUSE Bug 1174145", url: "https://bugzilla.suse.com/1174145", }, { category: "self", summary: "SUSE Bug 1174302", url: "https://bugzilla.suse.com/1174302", }, { category: "self", summary: "SUSE Bug 1180816", url: "https://bugzilla.suse.com/1180816", }, { category: "self", summary: "SUSE Bug 1180942", url: "https://bugzilla.suse.com/1180942", }, { category: "self", summary: "SUSE Bug 1181119", url: "https://bugzilla.suse.com/1181119", }, { category: "self", summary: "SUSE Bug 1181935", url: "https://bugzilla.suse.com/1181935", }, { category: "self", summary: "SUSE CVE CVE-2018-10875 page", url: "https://www.suse.com/security/cve/CVE-2018-10875/", }, { category: "self", summary: "SUSE CVE CVE-2018-16837 page", url: "https://www.suse.com/security/cve/CVE-2018-16837/", }, { category: "self", summary: "SUSE CVE CVE-2019-10156 page", url: "https://www.suse.com/security/cve/CVE-2019-10156/", }, { category: "self", summary: "SUSE CVE CVE-2019-14846 page", url: "https://www.suse.com/security/cve/CVE-2019-14846/", }, { category: "self", summary: "SUSE CVE CVE-2019-14904 page", url: "https://www.suse.com/security/cve/CVE-2019-14904/", }, { category: "self", summary: "SUSE CVE CVE-2019-14905 page", url: "https://www.suse.com/security/cve/CVE-2019-14905/", }, { category: "self", summary: "SUSE CVE CVE-2020-10684 page", url: "https://www.suse.com/security/cve/CVE-2020-10684/", }, { category: "self", summary: "SUSE CVE CVE-2020-10685 page", url: "https://www.suse.com/security/cve/CVE-2020-10685/", }, { category: "self", summary: "SUSE CVE CVE-2020-10691 page", url: "https://www.suse.com/security/cve/CVE-2020-10691/", }, { category: "self", summary: "SUSE CVE CVE-2020-10729 page", url: "https://www.suse.com/security/cve/CVE-2020-10729/", }, { category: "self", summary: "SUSE CVE CVE-2020-14330 page", url: "https://www.suse.com/security/cve/CVE-2020-14330/", }, { category: "self", summary: "SUSE CVE CVE-2020-14332 page", url: "https://www.suse.com/security/cve/CVE-2020-14332/", }, { category: "self", summary: "SUSE CVE CVE-2020-1733 page", url: "https://www.suse.com/security/cve/CVE-2020-1733/", }, { category: "self", summary: "SUSE CVE CVE-2020-1734 page", url: "https://www.suse.com/security/cve/CVE-2020-1734/", }, { category: "self", summary: "SUSE CVE CVE-2020-1735 page", url: "https://www.suse.com/security/cve/CVE-2020-1735/", }, { category: "self", summary: "SUSE CVE CVE-2020-1736 page", url: "https://www.suse.com/security/cve/CVE-2020-1736/", }, { category: "self", summary: "SUSE CVE CVE-2020-1737 page", url: "https://www.suse.com/security/cve/CVE-2020-1737/", }, { category: "self", summary: "SUSE CVE CVE-2020-1738 page", url: "https://www.suse.com/security/cve/CVE-2020-1738/", }, { category: "self", summary: "SUSE CVE CVE-2020-1739 page", url: "https://www.suse.com/security/cve/CVE-2020-1739/", }, { category: "self", summary: "SUSE CVE CVE-2020-1740 page", url: "https://www.suse.com/security/cve/CVE-2020-1740/", }, { category: "self", summary: "SUSE CVE CVE-2020-1746 page", url: "https://www.suse.com/security/cve/CVE-2020-1746/", }, { category: "self", summary: "SUSE CVE CVE-2020-1753 page", url: "https://www.suse.com/security/cve/CVE-2020-1753/", }, { category: "self", summary: "SUSE CVE CVE-2021-20178 page", url: "https://www.suse.com/security/cve/CVE-2021-20178/", }, { category: "self", summary: "SUSE CVE CVE-2021-20180 page", url: "https://www.suse.com/security/cve/CVE-2021-20180/", }, { category: "self", summary: "SUSE CVE CVE-2021-20191 page", url: "https://www.suse.com/security/cve/CVE-2021-20191/", }, { category: "self", summary: "SUSE CVE CVE-2021-20228 page", url: "https://www.suse.com/security/cve/CVE-2021-20228/", }, ], title: "Security update for ansible", tracking: { current_release_date: "2022-03-16T16:09:53Z", generator: { date: "2022-03-16T16:09:53Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2022:0081-1", initial_release_date: "2022-03-16T16:09:53Z", revision_history: [ { date: "2022-03-16T16:09:53Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "ansible-2.9.21-bp153.2.3.1.noarch", product: { name: "ansible-2.9.21-bp153.2.3.1.noarch", product_id: "ansible-2.9.21-bp153.2.3.1.noarch", }, }, { category: "product_version", name: "ansible-doc-2.9.21-bp153.2.3.1.noarch", product: { name: "ansible-doc-2.9.21-bp153.2.3.1.noarch", product_id: "ansible-doc-2.9.21-bp153.2.3.1.noarch", }, }, { category: "product_version", name: "ansible-test-2.9.21-bp153.2.3.1.noarch", product: { name: "ansible-test-2.9.21-bp153.2.3.1.noarch", product_id: "ansible-test-2.9.21-bp153.2.3.1.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_name", name: "SUSE Package Hub 15 SP3", product: { name: "SUSE Package Hub 15 SP3", product_id: "SUSE Package Hub 15 SP3", }, }, { category: "product_name", name: "openSUSE Leap 15.3", product: { name: "openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.3", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ansible-2.9.21-bp153.2.3.1.noarch as component of SUSE Package Hub 15 SP3", product_id: "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", }, product_reference: "ansible-2.9.21-bp153.2.3.1.noarch", relates_to_product_reference: "SUSE Package Hub 15 SP3", }, { category: "default_component_of", full_product_name: { name: "ansible-doc-2.9.21-bp153.2.3.1.noarch as component of SUSE Package Hub 15 SP3", product_id: "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", }, product_reference: "ansible-doc-2.9.21-bp153.2.3.1.noarch", relates_to_product_reference: "SUSE Package Hub 15 SP3", }, { category: "default_component_of", full_product_name: { name: "ansible-test-2.9.21-bp153.2.3.1.noarch as component of SUSE Package Hub 15 SP3", product_id: "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", }, product_reference: "ansible-test-2.9.21-bp153.2.3.1.noarch", relates_to_product_reference: "SUSE Package Hub 15 SP3", }, { category: "default_component_of", full_product_name: { name: "ansible-2.9.21-bp153.2.3.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", }, product_reference: "ansible-2.9.21-bp153.2.3.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "ansible-doc-2.9.21-bp153.2.3.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", }, product_reference: "ansible-doc-2.9.21-bp153.2.3.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "ansible-test-2.9.21-bp153.2.3.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", }, product_reference: "ansible-test-2.9.21-bp153.2.3.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, ], }, vulnerabilities: [ { cve: "CVE-2018-10875", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-10875", }, ], notes: [ { category: "general", text: "A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2018-10875", url: "https://www.suse.com/security/cve/CVE-2018-10875", }, { category: "external", summary: "SUSE Bug 1099808 for CVE-2018-10875", url: "https://bugzilla.suse.com/1099808", }, { category: "external", summary: "SUSE Bug 1109957 for CVE-2018-10875", url: "https://bugzilla.suse.com/1109957", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, ], threats: [ { category: "impact", date: "2022-03-16T16:09:53Z", details: "important", }, ], title: "CVE-2018-10875", }, { cve: "CVE-2018-16837", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-16837", }, ], notes: [ { category: "general", text: "Ansible \"User\" module leaks any data which is passed on as a parameter to ssh-keygen. This could lean in undesirable situations such as passphrases credentials passed as a parameter for the ssh-keygen executable. Showing those credentials in clear text form for every user which have access just to the process list.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2018-16837", url: "https://www.suse.com/security/cve/CVE-2018-16837", }, { category: "external", summary: "SUSE Bug 1112959 for CVE-2018-16837", url: "https://bugzilla.suse.com/1112959", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, ], threats: [ { category: "impact", date: "2022-03-16T16:09:53Z", details: "important", }, ], title: "CVE-2018-16837", }, { cve: "CVE-2019-10156", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-10156", }, ], notes: [ { category: "general", text: "A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be disclosed.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2019-10156", url: "https://www.suse.com/security/cve/CVE-2019-10156", }, { category: "external", summary: "SUSE Bug 1137528 for CVE-2019-10156", url: "https://bugzilla.suse.com/1137528", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 4.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", version: "3.0", }, products: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, ], threats: [ { category: "impact", date: "2022-03-16T16:09:53Z", details: "moderate", }, ], title: "CVE-2019-10156", }, { cve: "CVE-2019-14846", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-14846", }, ], notes: [ { category: "general", text: "In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2019-14846", url: "https://www.suse.com/security/cve/CVE-2019-14846", }, { category: "external", summary: "SUSE Bug 1153452 for CVE-2019-14846", url: "https://bugzilla.suse.com/1153452", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 2.3, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, ], threats: [ { category: "impact", date: "2022-03-16T16:09:53Z", details: "low", }, ], title: "CVE-2019-14846", }, { cve: "CVE-2019-14904", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-14904", }, ], notes: [ { category: "general", text: "A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and executing arbitrary commands in the remote host. Ansible Engine 2.7.15, 2.8.7, and 2.9.2 as well as previous versions are affected.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2019-14904", url: "https://www.suse.com/security/cve/CVE-2019-14904", }, { category: "external", summary: "SUSE Bug 1157968 for CVE-2019-14904", url: "https://bugzilla.suse.com/1157968", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, ], threats: [ { category: "impact", date: "2022-03-16T16:09:53Z", details: "important", }, ], title: "CVE-2019-14904", }, { cve: "CVE-2019-14905", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-14905", }, ], notes: [ { category: "general", text: "A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS command injections. This could result in a loss of confidentiality of the system among other issues.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2019-14905", url: "https://www.suse.com/security/cve/CVE-2019-14905", }, { category: "external", summary: "SUSE Bug 1157969 for CVE-2019-14905", url: "https://bugzilla.suse.com/1157969", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, ], threats: [ { category: "impact", date: "2022-03-16T16:09:53Z", details: "important", }, ], title: "CVE-2019-14905", }, { cve: "CVE-2020-10684", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-10684", }, ], notes: [ { category: "general", text: "A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansible_facts after the clean. An attacker could take advantage of this by altering the ansible_facts, such as ansible_hosts, users and any other key data which would lead into privilege escalation or code injection.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2020-10684", url: "https://www.suse.com/security/cve/CVE-2020-10684", }, { category: "external", summary: "SUSE Bug 1167532 for CVE-2020-10684", url: "https://bugzilla.suse.com/1167532", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, products: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, ], threats: [ { category: "impact", date: "2022-03-16T16:09:53Z", details: "important", }, ], title: "CVE-2020-10684", }, { cve: "CVE-2020-10685", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-10685", }, ], notes: [ { category: "general", text: "A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory is created in /tmp leaves the s ts unencrypted. On Operating Systems which /tmp is not a tmpfs but part of the root partition, the directory is only cleared on boot and the decryp emains when the host is switched off. The system will be vulnerable when the system is not running. So decrypted data must be cleared as soon as possible and the data which normally is encrypted ble.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2020-10685", url: "https://www.suse.com/security/cve/CVE-2020-10685", }, { category: "external", summary: "SUSE Bug 1167440 for CVE-2020-10685", url: "https://bugzilla.suse.com/1167440", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, ], threats: [ { category: "impact", date: "2022-03-16T16:09:53Z", details: "moderate", }, ], title: "CVE-2020-10685", }, { cve: "CVE-2020-10691", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-10691", }, ], notes: [ { category: "general", text: "An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. An attacker could take advantage to overwrite any file within the system.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2020-10691", url: "https://www.suse.com/security/cve/CVE-2020-10691", }, { category: "external", summary: "SUSE Bug 1167873 for CVE-2020-10691", url: "https://bugzilla.suse.com/1167873", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 5.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L", version: "3.1", }, products: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, ], threats: [ { category: "impact", date: "2022-03-16T16:09:53Z", details: "moderate", }, ], title: "CVE-2020-10691", }, { cve: "CVE-2020-10729", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-10729", }, ], notes: [ { category: "general", text: "A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the equal value as the template caching action for the same file since no re-evaluation happens. The highest threat from this vulnerability would be that all passwords are exposed at once for the file. This flaw affects Ansible Engine versions before 2.9.6.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2020-10729", url: "https://www.suse.com/security/cve/CVE-2020-10729", }, { category: "external", summary: "SUSE Bug 1171162 for CVE-2020-10729", url: "https://bugzilla.suse.com/1171162", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, ], threats: [ { category: "impact", date: "2022-03-16T16:09:53Z", details: "moderate", }, ], title: "CVE-2020-10729", }, { cve: "CVE-2020-14330", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-14330", }, ], notes: [ { category: "general", text: "An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest threat from this vulnerability is to data confidentiality.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2020-14330", url: "https://www.suse.com/security/cve/CVE-2020-14330", }, { category: "external", summary: "SUSE Bug 1174145 for CVE-2020-14330", url: "https://bugzilla.suse.com/1174145", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, ], threats: [ { category: "impact", date: "2022-03-16T16:09:53Z", details: "moderate", }, ], title: "CVE-2020-14330", }, { cve: "CVE-2020-14332", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-14332", }, ], notes: [ { category: "general", text: "A flaw was found in the Ansible Engine when using module_args. Tasks executed with check mode (--check-mode) do not properly neutralize sensitive data exposed in the event data. This flaw allows unauthorized users to read this data. The highest threat from this vulnerability is to confidentiality.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2020-14332", url: "https://www.suse.com/security/cve/CVE-2020-14332", }, { category: "external", summary: "SUSE Bug 1174302 for CVE-2020-14332", url: "https://bugzilla.suse.com/1174302", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, ], threats: [ { category: "impact", date: "2022-03-16T16:09:53Z", details: "moderate", }, ], title: "CVE-2020-14332", }, { cve: "CVE-2020-1733", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-1733", }, ], notes: [ { category: "general", text: "A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with \"umask 77 && mkdir -p <dir>\"; this operation does not fail if the directory already exists and is owned by another user. An attacker could take advantage to gain control of the become user as the target directory can be retrieved by iterating '/proc/<pid>/cmdline'.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2020-1733", url: "https://www.suse.com/security/cve/CVE-2020-1733", }, { category: "external", summary: "SUSE Bug 1164140 for CVE-2020-1733", url: "https://bugzilla.suse.com/1164140", }, { category: "external", summary: "SUSE Bug 1171823 for CVE-2020-1733", url: "https://bugzilla.suse.com/1171823", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L", version: "3.1", }, products: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, ], threats: [ { category: "impact", date: "2022-03-16T16:09:53Z", details: "moderate", }, ], title: "CVE-2020-1733", }, { cve: "CVE-2020-1734", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-1734", }, ], notes: [ { category: "general", text: "A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by overwriting the ansible facts.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2020-1734", url: "https://www.suse.com/security/cve/CVE-2020-1734", }, { category: "external", summary: "SUSE Bug 1164139 for CVE-2020-1734", url: "https://bugzilla.suse.com/1164139", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 7.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L", version: "3.1", }, products: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, ], threats: [ { category: "impact", date: "2022-03-16T16:09:53Z", details: "important", }, ], title: "CVE-2020-1734", }, { cve: "CVE-2020-1735", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-1735", }, ], notes: [ { category: "general", text: "A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2020-1735", url: "https://www.suse.com/security/cve/CVE-2020-1735", }, { category: "external", summary: "SUSE Bug 1164137 for CVE-2020-1735", url: "https://bugzilla.suse.com/1164137", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 4.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, ], threats: [ { category: "impact", date: "2022-03-16T16:09:53Z", details: "moderate", }, ], title: "CVE-2020-1735", }, { cve: "CVE-2020-1736", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-1736", }, ], notes: [ { category: "general", text: "A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions before the move. This could lead to the disclosure of sensitive data. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2020-1736", url: "https://www.suse.com/security/cve/CVE-2020-1736", }, { category: "external", summary: "SUSE Bug 1164134 for CVE-2020-1736", url: "https://bugzilla.suse.com/1164134", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 2.2, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, ], threats: [ { category: "impact", date: "2022-03-16T16:09:53Z", details: "low", }, ], title: "CVE-2020-1736", }, { cve: "CVE-2020-1737", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-1737", }, ], notes: [ { category: "general", text: "A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal. This issue is fixed in 2.10.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2020-1737", url: "https://www.suse.com/security/cve/CVE-2020-1737", }, { category: "external", summary: "SUSE Bug 1164138 for CVE-2020-1737", url: "https://bugzilla.suse.com/1164138", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, ], threats: [ { category: "impact", date: "2022-03-16T16:09:53Z", details: "important", }, ], title: "CVE-2020-1737", }, { cve: "CVE-2020-1738", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-1738", }, ], notes: [ { category: "general", text: "A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2020-1738", url: "https://www.suse.com/security/cve/CVE-2020-1738", }, { category: "external", summary: "SUSE Bug 1164136 for CVE-2020-1738", url: "https://bugzilla.suse.com/1164136", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L", version: "3.1", }, products: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, ], threats: [ { category: "impact", date: "2022-03-16T16:09:53Z", details: "moderate", }, ], title: "CVE-2020-1738", }, { cve: "CVE-2020-1739", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-1739", }, ], notes: [ { category: "general", text: "A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument \"password\" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2020-1739", url: "https://www.suse.com/security/cve/CVE-2020-1739", }, { category: "external", summary: "SUSE Bug 1164133 for CVE-2020-1739", url: "https://bugzilla.suse.com/1164133", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 4.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, ], threats: [ { category: "impact", date: "2022-03-16T16:09:53Z", details: "moderate", }, ], title: "CVE-2020-1739", }, { cve: "CVE-2020-1740", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-1740", }, ], notes: [ { category: "general", text: "A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes \"ansible-vault edit\", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2020-1740", url: "https://www.suse.com/security/cve/CVE-2020-1740", }, { category: "external", summary: "SUSE Bug 1164135 for CVE-2020-1740", url: "https://bugzilla.suse.com/1164135", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 3.9, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, ], threats: [ { category: "impact", date: "2022-03-16T16:09:53Z", details: "low", }, ], title: "CVE-2020-1740", }, { cve: "CVE-2020-1746", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-1746", }, ], notes: [ { category: "general", text: "A flaw was found in the Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when the ldap_attr and ldap_entry community modules are used. The issue discloses the LDAP bind password to stdout or a log file if a playbook task is written using the bind_pw in the parameters field. The highest threat from this vulnerability is data confidentiality.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2020-1746", url: "https://www.suse.com/security/cve/CVE-2020-1746", }, { category: "external", summary: "SUSE Bug 1165393 for CVE-2020-1746", url: "https://bugzilla.suse.com/1165393", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, ], threats: [ { category: "impact", date: "2022-03-16T16:09:53Z", details: "moderate", }, ], title: "CVE-2020-1746", }, { cve: "CVE-2020-1753", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-1753", }, ], notes: [ { category: "general", text: "A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all Ansible 2.8.x versions prior to 2.8.11 and all Ansible 2.9.x versions prior to 2.9.7, when managing kubernetes using the k8s module. Sensitive parameters such as passwords and tokens are passed to kubectl from the command line, not using an environment variable or an input configuration file. This will disclose passwords and tokens from process list and no_log directive from debug module would not have any effect making these secrets being disclosed on stdout and log files.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2020-1753", url: "https://www.suse.com/security/cve/CVE-2020-1753", }, { category: "external", summary: "SUSE Bug 1166389 for CVE-2020-1753", url: "https://bugzilla.suse.com/1166389", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, ], threats: [ { category: "impact", date: "2022-03-16T16:09:53Z", details: "moderate", }, ], title: "CVE-2020-1753", }, { cve: "CVE-2021-20178", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-20178", }, ], notes: [ { category: "general", text: "A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2021-20178", url: "https://www.suse.com/security/cve/CVE-2021-20178", }, { category: "external", summary: "SUSE Bug 1180816 for CVE-2021-20178", url: "https://bugzilla.suse.com/1180816", }, { category: "external", summary: "SUSE Bug 1186493 for CVE-2021-20178", url: "https://bugzilla.suse.com/1186493", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, ], threats: [ { category: "impact", date: "2022-03-16T16:09:53Z", details: "moderate", }, ], title: "CVE-2021-20178", }, { cve: "CVE-2021-20180", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-20180", }, ], notes: [ { category: "general", text: "A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2021-20180", url: "https://www.suse.com/security/cve/CVE-2021-20180", }, { category: "external", summary: "SUSE Bug 1180942 for CVE-2021-20180", url: "https://bugzilla.suse.com/1180942", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, ], threats: [ { category: "impact", date: "2022-03-16T16:09:53Z", details: "moderate", }, ], title: "CVE-2021-20180", }, { cve: "CVE-2021-20191", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-20191", }, ], notes: [ { category: "general", text: "A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2021-20191", url: "https://www.suse.com/security/cve/CVE-2021-20191", }, { category: "external", summary: "SUSE Bug 1181119 for CVE-2021-20191", url: "https://bugzilla.suse.com/1181119", }, { category: "external", summary: "SUSE Bug 1181935 for CVE-2021-20191", url: "https://bugzilla.suse.com/1181935", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, ], threats: [ { category: "impact", date: "2022-03-16T16:09:53Z", details: "moderate", }, ], title: "CVE-2021-20191", }, { cve: "CVE-2021-20228", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-20228", }, ], notes: [ { category: "general", text: "A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2021-20228", url: "https://www.suse.com/security/cve/CVE-2021-20228", }, { category: "external", summary: "SUSE Bug 1181935 for CVE-2021-20228", url: "https://bugzilla.suse.com/1181935", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP3:ansible-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:ansible-test-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-bp153.2.3.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-bp153.2.3.1.noarch", ], }, ], threats: [ { category: "impact", date: "2022-03-16T16:09:53Z", details: "moderate", }, ], title: "CVE-2021-20228", }, ], }
pysec-2020-7
Vulnerability from pysec
Published
2020-03-16 16:15
Modified
2020-06-13 04:15
Details
A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.
Impacted products
| Name | purl |
|---|---|
| ansible | pkg:pypi/ansible |
Aliases
{ affected: [ { package: { ecosystem: "PyPI", name: "ansible", purl: "pkg:pypi/ansible", }, ranges: [ { events: [ { introduced: "0", }, { fixed: "2.7.17", }, { introduced: "2.8.0", }, { fixed: "2.8.9", }, { introduced: "2.9.0", }, { fixed: "2.9.6", }, ], type: "ECOSYSTEM", }, ], versions: [ "1.0", "1.1", "1.2", "1.2.1", "1.2.2", "1.2.3", "1.3.0", "1.3.1", "1.3.2", "1.3.3", "1.3.4", "1.4", "1.4.1", "1.4.2", "1.4.3", "1.4.4", "1.4.5", "1.5", "1.5.1", "1.5.2", "1.5.3", "1.5.4", "1.5.5", "1.6", "1.6.1", "1.6.2", "1.6.3", "1.6.4", "1.6.5", "1.6.6", "1.6.7", "1.6.8", "1.6.9", "1.6.10", "1.7", "1.7.1", "1.7.2", "1.8", "1.8.1", "1.8.2", "1.8.3", "1.8.4", "1.9.0", "1.9.0.1", "1.9.1", "1.9.2", "1.9.3", "1.9.4", "1.9.5", "1.9.6", "2.0.0.0", "2.0.0", "2.0.0.1", "2.0.0.2", "2.0.1.0", "2.0.2.0", "2.1.0.0", "2.1.1.0", "2.1.2.0", "2.1.3.0", "2.1.4.0", "2.1.5.0", "2.1.6.0", "2.2.0.0", "2.2.1.0", "2.2.2.0", "2.2.3.0", "2.3.0.0", "2.3.1.0", "2.3.2.0", "2.3.3.0", "2.4.0.0", "2.4.1.0", "2.4.2.0", "2.4.3.0", "2.4.4.0", "2.4.5.0", "2.4.6.0", "2.5.0a1", "2.5.0b1", "2.5.0b2", "2.5.0rc1", "2.5.0rc2", "2.5.0rc3", "2.5.0", "2.5.1", "2.5.2", "2.5.3", "2.5.4", "2.5.5", "2.5.6", "2.5.7", "2.5.8", "2.5.9", "2.5.10", "2.5.11", "2.5.12", "2.5.13", "2.5.14", "2.5.15", "2.6.0a1", "2.6.0a2", "2.6.0rc1", "2.6.0rc2", "2.6.0rc3", "2.6.0rc4", "2.6.0rc5", "2.6.0", "2.6.1", "2.6.2", "2.6.3", "2.6.4", "2.6.5", "2.6.6", "2.6.7", "2.6.8", "2.6.9", "2.6.10", "2.6.11", "2.6.12", "2.6.13", "2.6.14", "2.6.15", "2.6.16", "2.6.17", "2.6.18", "2.6.19", "2.6.20", "2.7.0.dev0", "2.7.0a1", "2.7.0b1", "2.7.0rc1", "2.7.0rc2", "2.7.0rc3", "2.7.0rc4", "2.7.0", "2.7.1", "2.7.2", "2.7.3", "2.7.4", "2.7.5", "2.7.6", "2.7.7", "2.7.8", "2.7.9", "2.7.10", "2.7.11", "2.7.12", "2.7.13", "2.7.14", "2.7.15", "2.7.16", "2.8.0", "2.8.1", "2.8.2", "2.8.3", "2.8.4", "2.8.5", "2.8.6", "2.8.7", "2.8.8", "2.9.0", "2.9.1", "2.9.2", "2.9.3", "2.9.4", "2.9.5", ], }, ], aliases: [ "CVE-2020-1735", "GHSA-gfr2-qpxh-qj9m", ], details: "A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.", id: "PYSEC-2020-7", modified: "2020-06-13T04:15:00Z", published: "2020-03-16T16:15:00Z", references: [ { type: "REPORT", url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1735", }, { type: "REPORT", url: "https://github.com/ansible/ansible/issues/67793", }, { type: "WEB", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/", }, { type: "WEB", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/", }, { type: "WEB", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/", }, { type: "ADVISORY", url: "https://security.gentoo.org/glsa/202006-11", }, { type: "ADVISORY", url: "https://github.com/advisories/GHSA-gfr2-qpxh-qj9m", }, ], }
rhba-2020:0547
Vulnerability from csaf_redhat
Published
2020-02-18 15:13
Modified
2025-03-17 01:11
Summary
Red Hat Bug Fix Advisory: Container Image Rebuild for Ansible Tower 3.4 Dependency
Notes
Topic
Container Image Rebuild for Ansible Tower 3.4 Dependency
Details
The ansible-tower-memcached container image has been updated for Red Hat Ansible Tower 3.4 for RHEL 7 to address security advisories:
RHSA-2019:2030
RHSA-2019:2118
RHSA-2019:2136
RHSA-2019:2197
RHSA-2019:2237
RHSA-2019:2304
RHSA-2019:4190
RHSA-2020:0227
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Container Image Rebuild for Ansible Tower 3.4 Dependency", title: "Topic", }, { category: "general", text: "The ansible-tower-memcached container image has been updated for Red Hat Ansible Tower 3.4 for RHEL 7 to address security advisories:\n\nRHSA-2019:2030\nRHSA-2019:2118\nRHSA-2019:2136\nRHSA-2019:2197\nRHSA-2019:2237\nRHSA-2019:2304\nRHSA-2019:4190\nRHSA-2020:0227", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHBA-2020:0547", url: "https://access.redhat.com/errata/RHBA-2020:0547", }, { category: "external", summary: "https://access.redhat.com/errata/RHSA-2019:2030", url: "https://access.redhat.com/errata/RHSA-2019:2030", }, { category: "external", summary: "https://access.redhat.com/errata/RHSA-2019:2118", url: "https://access.redhat.com/errata/RHSA-2019:2118", }, { category: "external", summary: "https://access.redhat.com/errata/RHSA-2019:2136", url: "https://access.redhat.com/errata/RHSA-2019:2136", }, { category: "external", summary: "https://access.redhat.com/errata/RHSA-2019:2197", url: "https://access.redhat.com/errata/RHSA-2019:2197", }, { category: "external", summary: "https://access.redhat.com/errata/RHSA-2019:2237", url: "https://access.redhat.com/errata/RHSA-2019:2237", }, { category: "external", summary: "https://access.redhat.com/errata/RHSA-2019:2304", url: "https://access.redhat.com/errata/RHSA-2019:2304", }, { category: "external", summary: "https://access.redhat.com/errata/RHSA-2019:4190", url: "https://access.redhat.com/errata/RHSA-2019:4190", }, { category: "external", summary: "https://access.redhat.com/errata/RHSA-2020:0227", url: "https://access.redhat.com/errata/RHSA-2020:0227", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhba-2020_0547.json", }, ], title: "Red Hat Bug Fix Advisory: Container Image Rebuild for Ansible Tower 3.4 Dependency", tracking: { current_release_date: "2025-03-17T01:11:07+00:00", generator: { date: "2025-03-17T01:11:07+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHBA-2020:0547", initial_release_date: "2020-02-18T15:13:57+00:00", revision_history: [ { date: "2020-02-18T15:13:57+00:00", number: "1", summary: "Initial version", }, { date: "2020-02-18T15:13:57+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-17T01:11:07+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Ansible Tower 3.4 for RHEL 7 Server", product: { name: "Red Hat Ansible Tower 3.4 for RHEL 7 Server", product_id: "7Server-Ansible-Tower-3.4", product_identification_helper: { cpe: "cpe:/a:redhat:ansible_tower:3.4::el7", }, }, }, ], category: "product_family", name: "Red Hat Ansible Tower", }, { branches: [ { category: "product_version", name: "ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", product: { name: "ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", product_id: "ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", product_identification_helper: { purl: "pkg:oci/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c?arch=amd64&repository_url=registry.redhat.io/ansible-tower-37/ansible-tower-memcached-rhel7&tag=1.4.15-28", }, }, }, { category: "product_version", name: "ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", product: { name: "ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", product_id: "ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", product_identification_helper: { purl: "pkg:oci/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c?arch=amd64&repository_url=registry.redhat.io/ansible-tower-35/ansible-tower-memcached&tag=1.4.15-28", }, }, }, { category: "product_version", name: "ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", product: { name: "ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", product_id: "ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", product_identification_helper: { purl: "pkg:oci/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c?arch=amd64&repository_url=registry.redhat.io/ansible-tower-34/ansible-tower-memcached&tag=1.4.15-28", }, }, }, ], category: "architecture", name: "amd64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64 as a component of Red Hat Ansible Tower 3.4 for RHEL 7 Server", product_id: "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", }, product_reference: "ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", relates_to_product_reference: "7Server-Ansible-Tower-3.4", }, { category: "default_component_of", full_product_name: { name: "ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64 as a component of Red Hat Ansible Tower 3.4 for RHEL 7 Server", product_id: "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", }, product_reference: "ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", relates_to_product_reference: "7Server-Ansible-Tower-3.4", }, { category: "default_component_of", full_product_name: { name: "ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64 as a component of Red Hat Ansible Tower 3.4 for RHEL 7 Server", product_id: "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", }, product_reference: "ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", relates_to_product_reference: "7Server-Ansible-Tower-3.4", }, ], }, vulnerabilities: [ { cve: "CVE-2016-10739", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2016-02-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1347549", }, ], notes: [ { category: "description", text: "In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.", title: "Vulnerability description", }, { category: "summary", text: "glibc: getaddrinfo should reject IP addresses with trailing characters", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-10739", }, { category: "external", summary: "RHBZ#1347549", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1347549", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-10739", url: "https://www.cve.org/CVERecord?id=CVE-2016-10739", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-10739", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-10739", }, ], release_date: "2016-04-28T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "glibc: getaddrinfo should reject IP addresses with trailing characters", }, { cve: "CVE-2018-0495", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2018-06-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1591163", }, ], notes: [ { category: "description", text: "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", title: "Vulnerability description", }, { category: "summary", text: "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", title: "Vulnerability summary", }, { category: "other", text: "Since the 5.8.3 release, Red Hat CloudForms no longer uses libtomcrypt.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-0495", }, { category: "external", summary: "RHBZ#1591163", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1591163", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-0495", url: "https://www.cve.org/CVERecord?id=CVE-2018-0495", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-0495", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-0495", }, { category: "external", summary: "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", url: "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", }, ], release_date: "2018-06-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.1, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", }, { cve: "CVE-2018-0734", cwe: { id: "CWE-385", name: "Covert Timing Channel", }, discovery_date: "2018-10-30T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1644364", }, ], notes: [ { category: "description", text: "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).", title: "Vulnerability description", }, { category: "summary", text: "openssl: timing side channel attack in the DSA signature algorithm", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-0734", }, { category: "external", summary: "RHBZ#1644364", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1644364", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-0734", url: "https://www.cve.org/CVERecord?id=CVE-2018-0734", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-0734", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-0734", }, ], release_date: "2018-10-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.1, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "openssl: timing side channel attack in the DSA signature algorithm", }, { acknowledgments: [ { names: [ "Qualys Research Labs", ], }, ], cve: "CVE-2018-1122", cwe: { id: "CWE-829", name: "Inclusion of Functionality from Untrusted Control Sphere", }, discovery_date: "2018-05-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1575466", }, ], notes: [ { category: "description", text: "If the HOME environment variable is unset or empty, top will read its configuration file from the current working directory without any security check. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.", title: "Vulnerability description", }, { category: "summary", text: "procps: Local privilege escalation in top", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-1122", }, { category: "external", summary: "RHBZ#1575466", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1575466", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-1122", url: "https://www.cve.org/CVERecord?id=CVE-2018-1122", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-1122", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-1122", }, { category: "external", summary: "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt", url: "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt", }, ], release_date: "2018-05-17T17:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "procps: Local privilege escalation in top", }, { cve: "CVE-2018-5818", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, discovery_date: "2018-12-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1661608", }, ], notes: [ { category: "description", text: "An error within the \"parse_rollei()\" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to trigger an infinite loop.", title: "Vulnerability description", }, { category: "summary", text: "LibRaw: DoS in parse_rollei function in internal/dcraw_common.cpp", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-5818", }, { category: "external", summary: "RHBZ#1661608", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1661608", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-5818", url: "https://www.cve.org/CVERecord?id=CVE-2018-5818", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-5818", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-5818", }, ], release_date: "2018-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "LibRaw: DoS in parse_rollei function in internal/dcraw_common.cpp", }, { cve: "CVE-2018-5819", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2018-12-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1661604", }, ], notes: [ { category: "description", text: "An error within the \"parse_sinar_ia()\" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to exhaust available CPU resources.", title: "Vulnerability description", }, { category: "summary", text: "LibRaw: DoS in parse_sinar_ia function in internal/dcraw_common.cpp", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-5819", }, { category: "external", summary: "RHBZ#1661604", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1661604", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-5819", url: "https://www.cve.org/CVERecord?id=CVE-2018-5819", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-5819", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-5819", }, ], release_date: "2018-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "LibRaw: DoS in parse_sinar_ia function in internal/dcraw_common.cpp", }, { cve: "CVE-2018-12404", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2018-12-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1657913", }, ], notes: [ { category: "description", text: "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.", title: "Vulnerability description", }, { category: "summary", text: "nss: Cache side-channel variant of the Bleichenbacher attack", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-12404", }, { category: "external", summary: "RHBZ#1657913", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1657913", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-12404", url: "https://www.cve.org/CVERecord?id=CVE-2018-12404", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-12404", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-12404", }, ], release_date: "2018-11-30T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "nss: Cache side-channel variant of the Bleichenbacher attack", }, { cve: "CVE-2018-12641", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2018-06-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1594410", }, ], notes: [ { category: "description", text: "An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_arm_hp_template, demangle_class_name, demangle_fund_type, do_type, do_arg, demangle_args, and demangle_nested_args. This can occur during execution of nm-new.", title: "Vulnerability description", }, { category: "summary", text: "binutils: Stack Exhaustion in the demangling functions provided by libiberty", title: "Vulnerability summary", }, { category: "other", text: "The issue is classified as low severity primarily because binutils is not typically exposed to untrusted inputs in most environments, limiting its exploitation potential. The stack overflow in demangle_class_name() only triggers during the parsing of malformed ELF files, which would require an attacker to convince a user to process a malicious file with binutils. Moreover, binutils does not handle privileged operations, meaning exploitation is unlikely to lead to system compromise or escalation of privileges. Additionally, the impact is localized to the application itself, without affecting the broader system or network security.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-12641", }, { category: "external", summary: "RHBZ#1594410", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1594410", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-12641", url: "https://www.cve.org/CVERecord?id=CVE-2018-12641", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-12641", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-12641", }, ], release_date: "2018-04-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "binutils: Stack Exhaustion in the demangling functions provided by libiberty", }, { cve: "CVE-2018-12697", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, discovery_date: "2018-06-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1595417", }, ], notes: [ { category: "description", text: "A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump.", title: "Vulnerability description", }, { category: "summary", text: "binutils: NULL pointer dereference in work_stuff_copy_to_from in cplus-dem.c.", title: "Vulnerability summary", }, { category: "other", text: "This issue is classified with a low severity primarily because binutils is not typically exposed to untrusted inputs in most environments, limiting the possibility of exploitation. Additionally, this NULL pointer dereference is only triggered during the parsing of a specially crafted file, requiring an attacker to convince a user to process this file with objdump. Furthermore, binutils does not handle privileged operations, meaning that exploitation is unlikely to lead to system compromise or escalation of privileges. Also, the impact is limited to the application itself, without affecting the broader system or network security.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-12697", }, { category: "external", summary: "RHBZ#1595417", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1595417", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-12697", url: "https://www.cve.org/CVERecord?id=CVE-2018-12697", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-12697", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-12697", }, ], release_date: "2018-04-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "binutils: NULL pointer dereference in work_stuff_copy_to_from in cplus-dem.c.", }, { acknowledgments: [ { names: [ "the Curl project", ], }, { names: [ "Zhaoyang Wu", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2018-14618", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2018-08-27T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1622707", }, ], notes: [ { category: "description", text: "curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.)", title: "Vulnerability description", }, { category: "summary", text: "curl: NTLM password overflow via integer overflow", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14618", }, { category: "external", summary: "RHBZ#1622707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1622707", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14618", url: "https://www.cve.org/CVERecord?id=CVE-2018-14618", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14618", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14618", }, { category: "external", summary: "https://curl.haxx.se/docs/CVE-2018-14618.html", url: "https://curl.haxx.se/docs/CVE-2018-14618.html", }, ], release_date: "2018-09-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "curl: NTLM password overflow via integer overflow", }, { acknowledgments: [ { names: [ "the Python Security Response Team", ], }, ], cve: "CVE-2018-14647", cwe: { id: "CWE-335", name: "Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)", }, discovery_date: "2018-09-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1631822", }, ], notes: [ { category: "description", text: "Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by contructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM.", title: "Vulnerability description", }, { category: "summary", text: "python: Missing salt initialization in _elementtree.c module", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14647", }, { category: "external", summary: "RHBZ#1631822", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1631822", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14647", url: "https://www.cve.org/CVERecord?id=CVE-2018-14647", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14647", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14647", }, { category: "external", summary: "https://bugs.python.org/issue34623", url: "https://bugs.python.org/issue34623", }, ], release_date: "2018-09-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "python: Missing salt initialization in _elementtree.c module", }, { acknowledgments: [ { names: [ "Jann Horn", ], organization: "Google Project Zero", }, { names: [ "Ubuntu", ], }, ], cve: "CVE-2018-15686", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2018-10-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1639071", }, ], notes: [ { category: "description", text: "It was discovered that systemd is vulnerable to a state injection attack when deserializing the state of a service. Properties longer than LINE_MAX are not correctly parsed and an attacker may abuse this flaw in particularly configured services to inject, change, or corrupt the service state.", title: "Vulnerability description", }, { category: "summary", text: "systemd: line splitting via fgets() allows for state injection during daemon-reexec", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-15686", }, { category: "external", summary: "RHBZ#1639071", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1639071", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-15686", url: "https://www.cve.org/CVERecord?id=CVE-2018-15686", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-15686", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-15686", }, ], release_date: "2018-10-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 3.6, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "systemd: line splitting via fgets() allows for state injection during daemon-reexec", }, { cve: "CVE-2018-16062", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2018-08-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1623752", }, ], notes: [ { category: "description", text: "An out-of-bounds read was discovered in elfutils in the way it reads DWARF address ranges information. Function dwarf_getaranges() in dwarf_getaranges.c does not properly check whether it reads beyond the limits of the ELF section. An attacker could use this flaw to cause a denial of service via a crafted file.", title: "Vulnerability description", }, { category: "summary", text: "elfutils: Heap-based buffer over-read in libdw/dwarf_getaranges.c:dwarf_getaranges() via crafted file", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-16062", }, { category: "external", summary: "RHBZ#1623752", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1623752", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-16062", url: "https://www.cve.org/CVERecord?id=CVE-2018-16062", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-16062", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-16062", }, ], release_date: "2018-08-17T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "elfutils: Heap-based buffer over-read in libdw/dwarf_getaranges.c:dwarf_getaranges() via crafted file", }, { cve: "CVE-2018-16402", cwe: { id: "CWE-416", name: "Use After Free", }, discovery_date: "2018-09-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1625050", }, ], notes: [ { category: "description", text: "libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.", title: "Vulnerability description", }, { category: "summary", text: "elfutils: Double-free due to double decompression of sections in crafted ELF causes crash", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-16402", }, { category: "external", summary: "RHBZ#1625050", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1625050", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-16402", url: "https://www.cve.org/CVERecord?id=CVE-2018-16402", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-16402", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-16402", }, ], release_date: "2018-08-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "elfutils: Double-free due to double decompression of sections in crafted ELF causes crash", }, { cve: "CVE-2018-16403", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2018-09-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1625055", }, ], notes: [ { category: "description", text: "libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash.", title: "Vulnerability description", }, { category: "summary", text: "elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libwd/dwarf_hasattr.c causes crash", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-16403", }, { category: "external", summary: "RHBZ#1625055", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1625055", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-16403", url: "https://www.cve.org/CVERecord?id=CVE-2018-16403", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-16403", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-16403", }, ], release_date: "2018-08-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libwd/dwarf_hasattr.c causes crash", }, { acknowledgments: [ { names: [ "the Curl project", ], }, { names: [ "Brian Carpenter", ], organization: "Geeknik Labs", summary: "Acknowledged by upstream.", }, ], cve: "CVE-2018-16842", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2018-10-28T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1644124", }, ], notes: [ { category: "description", text: "Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.", title: "Vulnerability description", }, { category: "summary", text: "curl: Heap-based buffer over-read in the curl tool warning formatting", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-16842", }, { category: "external", summary: "RHBZ#1644124", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1644124", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-16842", url: "https://www.cve.org/CVERecord?id=CVE-2018-16842", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-16842", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-16842", }, { category: "external", summary: "https://curl.haxx.se/docs/CVE-2018-16842.html", url: "https://curl.haxx.se/docs/CVE-2018-16842.html", }, ], release_date: "2018-10-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 3.6, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "curl: Heap-based buffer over-read in the curl tool warning formatting", }, { acknowledgments: [ { names: [ "Qualys Research Labs", ], }, ], cve: "CVE-2018-16866", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2018-11-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1653867", }, ], notes: [ { category: "description", text: "An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data.", title: "Vulnerability description", }, { category: "summary", text: "systemd: out-of-bounds read when parsing a crafted syslog message", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the versions of systemd as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having a security impact of Moderate. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.\n\nRed Hat Virtualization Hypervisor and Management Appliance include vulnerable versions of systemd. However, since exploitation requires local access and impact is restricted to information disclosure, this flaw is rated as having a security issue of Low. Future updates may address this issue.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-16866", }, { category: "external", summary: "RHBZ#1653867", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1653867", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-16866", url: "https://www.cve.org/CVERecord?id=CVE-2018-16866", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-16866", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-16866", }, { category: "external", summary: "https://www.qualys.com/2019/01/09/system-down/system-down.txt", url: "https://www.qualys.com/2019/01/09/system-down/system-down.txt", }, ], release_date: "2019-01-09T18:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "systemd: out-of-bounds read when parsing a crafted syslog message", }, { cve: "CVE-2018-16888", cwe: { id: "CWE-250", name: "Execution with Unnecessary Privileges", }, discovery_date: "2019-01-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1662867", }, ], notes: [ { category: "description", text: "It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes.", title: "Vulnerability description", }, { category: "summary", text: "systemd: kills privileged process if unprivileged PIDFile was tampered", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-16888", }, { category: "external", summary: "RHBZ#1662867", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1662867", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-16888", url: "https://www.cve.org/CVERecord?id=CVE-2018-16888", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-16888", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-16888", }, ], release_date: "2017-08-17T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "systemd: kills privileged process if unprivileged PIDFile was tampered", }, { cve: "CVE-2018-18310", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2018-10-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1642604", }, ], notes: [ { category: "description", text: "An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.", title: "Vulnerability description", }, { category: "summary", text: "elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the versions of elfutils as shipped with Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-18310", }, { category: "external", summary: "RHBZ#1642604", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1642604", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-18310", url: "https://www.cve.org/CVERecord?id=CVE-2018-18310", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-18310", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-18310", }, ], release_date: "2018-10-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl", }, { cve: "CVE-2018-18520", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, discovery_date: "2018-10-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1646477", }, ], notes: [ { category: "description", text: "An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.", title: "Vulnerability description", }, { category: "summary", text: "elfutils: eu-size cannot handle recursive ar files", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the versions of elfutils as shipped with Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-18520", }, { category: "external", summary: "RHBZ#1646477", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1646477", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-18520", url: "https://www.cve.org/CVERecord?id=CVE-2018-18520", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-18520", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-18520", }, ], release_date: "2018-10-17T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "elfutils: eu-size cannot handle recursive ar files", }, { cve: "CVE-2018-18521", cwe: { id: "CWE-369", name: "Divide By Zero", }, discovery_date: "2018-10-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1646482", }, ], notes: [ { category: "description", text: "Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.", title: "Vulnerability description", }, { category: "summary", text: "elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the versions of elfutils as shipped with Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-18521", }, { category: "external", summary: "RHBZ#1646482", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1646482", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-18521", url: "https://www.cve.org/CVERecord?id=CVE-2018-18521", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-18521", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-18521", }, ], release_date: "2018-10-17T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c", }, { cve: "CVE-2018-20217", cwe: { id: "CWE-617", name: "Reachable Assertion", }, discovery_date: "2018-12-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1665296", }, ], notes: [ { category: "description", text: "A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request.", title: "Vulnerability description", }, { category: "summary", text: "krb5: Reachable assertion in the KDC using S4U2Self requests", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-20217", }, { category: "external", summary: "RHBZ#1665296", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1665296", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-20217", url: "https://www.cve.org/CVERecord?id=CVE-2018-20217", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-20217", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-20217", }, ], release_date: "2018-12-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "krb5: Reachable assertion in the KDC using S4U2Self requests", }, { cve: "CVE-2018-1000876", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2018-12-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1664699", }, ], notes: [ { category: "description", text: "binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code.. This attack appear to be exploitable via Local. This vulnerability appears to have been fixed in after commit 3a551c7a1b80fca579461774860574eabfd7f18f.", title: "Vulnerability description", }, { category: "summary", text: "binutils: integer overflow leads to heap-based buffer overflow in objdump", title: "Vulnerability summary", }, { category: "other", text: "The issue is classified as moderate severity primarily because of the unlikelihood of running a 32bit compiled objdump and/or having a compiled binary that uses 32bit compiled binutils libraries to analyze binaries from a not trusted source. Moreover, binutils does not handle privileged operations, meaning exploitation is unlikely to lead to system compromise or escalation of privileges. Additionally, the impact is localized to the application itself, without affecting the broader system or network security. \n\nAs per upstream binutils security policy this issue is not considered as a security flaw. Basically the key element of the policy that affects this is the understanding that analysis of untrusted binaries must always be done in a sandbox because the ELF format is open ended enough to make the analysis tools do anything, like including and processing arbitrary files. This eliminates the only possible vulnerability vector here, which is the possibility of a user being tricked into downloading and analyzing an untrusted ELF without sandboxing.\n\nSee the binutils security policy for more details:\nhttps://sourceware.org/cgit/binutils-gdb/tree/binutils/SECURITY.txt", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-1000876", }, { category: "external", summary: "RHBZ#1664699", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1664699", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-1000876", url: "https://www.cve.org/CVERecord?id=CVE-2018-1000876", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-1000876", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-1000876", }, ], release_date: "2018-12-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "binutils: integer overflow leads to heap-based buffer overflow in objdump", }, { cve: "CVE-2019-1559", cwe: { id: "CWE-325", name: "Missing Cryptographic Step", }, discovery_date: "2019-02-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1683804", }, ], notes: [ { category: "description", text: "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).", title: "Vulnerability description", }, { category: "summary", text: "openssl: 0-byte record padding oracle", title: "Vulnerability summary", }, { category: "other", text: "1 For this issue to be exploitable, the (server) application using the OpenSSL library needs to use it incorrectly.\n2. There are multiple other requirements for the attack to succeed: \n - The ciphersuite used must be obsolete CBC cipher without a stitched implementation (or the system be in FIPS mode)\n - the attacker has to be a MITM\n - the attacker has to be able to control the client side to send requests to the buggy server on demand", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-1559", }, { category: "external", summary: "RHBZ#1683804", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1683804", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-1559", url: "https://www.cve.org/CVERecord?id=CVE-2019-1559", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-1559", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-1559", }, { category: "external", summary: "https://github.com/RUB-NDS/TLS-Padding-Oracles", url: "https://github.com/RUB-NDS/TLS-Padding-Oracles", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20190226.txt", url: "https://www.openssl.org/news/secadv/20190226.txt", }, ], release_date: "2019-02-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, { category: "workaround", details: "As a workaround you can disable SHA384 if applications (compiled with OpenSSL) allow for adjustment of the ciphersuite string configuration.", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "openssl: 0-byte record padding oracle", }, { acknowledgments: [ { names: [ "the libssh2 project", ], }, { names: [ "Chris Coulson", ], organization: "Canonical Ltd.", summary: "Acknowledged by upstream.", }, ], cve: "CVE-2019-3858", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2019-03-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1687306", }, ], notes: [ { category: "description", text: "An out of bounds read flaw was discovered in libssh2 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a denial of service or read data in the client memory.", title: "Vulnerability description", }, { category: "summary", text: "libssh2: Zero-byte allocation with a specially crafted SFTP packed leading to an out-of-bounds read", title: "Vulnerability summary", }, { category: "other", text: "This flaw was present in libssh2 packages included in Red Hat Virtualization Hypervisor and Management Appliance, however libssh2 in these hosts is never exposed to malicious clients or servers.\n\nlibssh2 is no longer included in the virt module since Red Hat Enterprise Linux 8.1.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-3858", }, { category: "external", summary: "RHBZ#1687306", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1687306", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-3858", url: "https://www.cve.org/CVERecord?id=CVE-2019-3858", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-3858", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-3858", }, { category: "external", summary: "https://www.libssh2.org/CVE-2019-3858.html", url: "https://www.libssh2.org/CVE-2019-3858.html", }, ], release_date: "2019-03-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libssh2: Zero-byte allocation with a specially crafted SFTP packed leading to an out-of-bounds read", }, { acknowledgments: [ { names: [ "the libssh2 project", ], }, { names: [ "Chris Coulson", ], organization: "Canonical Ltd.", summary: "Acknowledged by upstream.", }, ], cve: "CVE-2019-3861", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2019-03-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1687311", }, ], notes: [ { category: "description", text: "An out of bounds read flaw was discovered in libssh2 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a denial of service or read data in the client memory.", title: "Vulnerability description", }, { category: "summary", text: "libssh2: Out-of-bounds reads with specially crafted SSH packets", title: "Vulnerability summary", }, { category: "other", text: "This flaw was present in libssh2 packages included in Red Hat Virtualization Hypervisor and Management Appliance, however libssh2 in these hosts is never exposed to malicious clients or servers.\n\nlibssh2 is no longer included in the virt module since Red Hat Enterprise Linux 8.1.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-3861", }, { category: "external", summary: "RHBZ#1687311", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1687311", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-3861", url: "https://www.cve.org/CVERecord?id=CVE-2019-3861", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-3861", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-3861", }, { category: "external", summary: "https://www.libssh2.org/CVE-2019-3861.html", url: "https://www.libssh2.org/CVE-2019-3861.html", }, ], release_date: "2019-03-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libssh2: Out-of-bounds reads with specially crafted SSH packets", }, { acknowledgments: [ { names: [ "the libssh2 project", ], }, { names: [ "Chris Coulson", ], organization: "Canonical Ltd.", summary: "Acknowledged by upstream.", }, ], cve: "CVE-2019-3862", cwe: { id: "CWE-130", name: "Improper Handling of Length Parameter Inconsistency", }, discovery_date: "2019-03-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1687312", }, ], notes: [ { category: "description", text: "An out of bounds read flaw was discovered in libssh2 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a denial of service or read data in the client memory.", title: "Vulnerability description", }, { category: "summary", text: "libssh2: Out-of-bounds memory comparison with specially crafted message channel request", title: "Vulnerability summary", }, { category: "other", text: "This flaw was present in libssh2 packages included in Red Hat Virtualization Hypervisor and Management Appliance, however libssh2 in these hosts is never exposed to malicious clients or servers.\n\nlibssh2 is no longer included in the virt module since Red Hat Enterprise Linux 8.1.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-3862", }, { category: "external", summary: "RHBZ#1687312", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1687312", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-3862", url: "https://www.cve.org/CVERecord?id=CVE-2019-3862", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-3862", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-3862", }, { category: "external", summary: "https://www.libssh2.org/CVE-2019-3862.html", url: "https://www.libssh2.org/CVE-2019-3862.html", }, ], release_date: "2019-03-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libssh2: Out-of-bounds memory comparison with specially crafted message channel request", }, { cve: "CVE-2019-5010", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, discovery_date: "2019-01-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1666519", }, ], notes: [ { category: "description", text: "A null pointer dereference vulnerability was found in the certificate parsing code in Python. This causes a denial of service to applications when parsing specially crafted certificates. This vulnerability is unlikely to be triggered if application enables SSL/TLS certificate validation and accepts certificates only from trusted root certificate authorities.", title: "Vulnerability description", }, { category: "summary", text: "python: NULL pointer dereference using a specially crafted X509 certificate", title: "Vulnerability summary", }, { category: "other", text: "This issue did not affect the versions of python as shipped with Red Hat Enterprise Linux 5 and 6.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-5010", }, { category: "external", summary: "RHBZ#1666519", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1666519", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-5010", url: "https://www.cve.org/CVERecord?id=CVE-2019-5010", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-5010", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-5010", }, { category: "external", summary: "https://python-security.readthedocs.io/vuln/ssl-crl-dps-dos.html", url: "https://python-security.readthedocs.io/vuln/ssl-crl-dps-dos.html", }, ], release_date: "2019-01-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "python: NULL pointer dereference using a specially crafted X509 certificate", }, { cve: "CVE-2019-7149", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2019-01-28T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1671443", }, ], notes: [ { category: "description", text: "A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm.", title: "Vulnerability description", }, { category: "summary", text: "elfutils: heap-based buffer over-read in read_srclines in dwarf_getsrclines.c in libdw", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-7149", }, { category: "external", summary: "RHBZ#1671443", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1671443", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-7149", url: "https://www.cve.org/CVERecord?id=CVE-2019-7149", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-7149", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-7149", }, ], release_date: "2019-01-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "elfutils: heap-based buffer over-read in read_srclines in dwarf_getsrclines.c in libdw", }, { cve: "CVE-2019-7150", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2019-01-28T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1671446", }, ], notes: [ { category: "description", text: "An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.", title: "Vulnerability description", }, { category: "summary", text: "elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-7150", }, { category: "external", summary: "RHBZ#1671446", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1671446", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-7150", url: "https://www.cve.org/CVERecord?id=CVE-2019-7150", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-7150", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-7150", }, ], release_date: "2018-10-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c", }, { cve: "CVE-2019-7664", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2019-02-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1677536", }, ], notes: [ { category: "description", text: "In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service (program crash).", title: "Vulnerability description", }, { category: "summary", text: "elfutils: out of bound write in elf_cvt_note in libelf/note_xlate.h", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-7664", }, { category: "external", summary: "RHBZ#1677536", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1677536", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-7664", url: "https://www.cve.org/CVERecord?id=CVE-2019-7664", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-7664", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-7664", }, ], release_date: "2019-01-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "elfutils: out of bound write in elf_cvt_note in libelf/note_xlate.h", }, { cve: "CVE-2019-7665", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2019-02-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1677538", }, ], notes: [ { category: "description", text: "In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.", title: "Vulnerability description", }, { category: "summary", text: "elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-7665", }, { category: "external", summary: "RHBZ#1677538", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1677538", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-7665", url: "https://www.cve.org/CVERecord?id=CVE-2019-7665", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-7665", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-7665", }, ], release_date: "2019-01-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c", }, { cve: "CVE-2019-9740", cwe: { id: "CWE-113", name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", }, discovery_date: "2019-03-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1688169", }, ], notes: [ { category: "description", text: "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.", title: "Vulnerability description", }, { category: "summary", text: "python: CRLF injection via the query part of the url passed to urlopen()", title: "Vulnerability summary", }, { category: "other", text: "This issue affects:\n* All current versions of Red Hat OpenStack Platform. However, version 8 is due to retire on the 20th of April 2019, there are no more planned releases prior to this date.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-9740", }, { category: "external", summary: "RHBZ#1688169", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1688169", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-9740", url: "https://www.cve.org/CVERecord?id=CVE-2019-9740", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-9740", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-9740", }, ], release_date: "2019-03-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "python: CRLF injection via the query part of the url passed to urlopen()", }, { cve: "CVE-2019-9947", cwe: { id: "CWE-113", name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", }, discovery_date: "2019-03-28T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1695572", }, ], notes: [ { category: "description", text: "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.", title: "Vulnerability description", }, { category: "summary", text: "python: CRLF injection via the path part of the url passed to urlopen()", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-9947", }, { category: "external", summary: "RHBZ#1695572", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1695572", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-9947", url: "https://www.cve.org/CVERecord?id=CVE-2019-9947", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-9947", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-9947", }, ], release_date: "2019-03-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "python: CRLF injection via the path part of the url passed to urlopen()", }, { cve: "CVE-2019-9948", cwe: { id: "CWE-749", name: "Exposed Dangerous Method or Function", }, discovery_date: "2019-03-28T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1695570", }, ], notes: [ { category: "description", text: "urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.", title: "Vulnerability description", }, { category: "summary", text: "python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-9948", }, { category: "external", summary: "RHBZ#1695570", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1695570", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-9948", url: "https://www.cve.org/CVERecord?id=CVE-2019-9948", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-9948", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-9948", }, ], release_date: "2019-03-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, { category: "workaround", details: "If your application uses a blacklist to prevent \"file://\" schema from being used, consider using a whitelist approach to just allow the schemas you want or add \"local_file://\" schema to your blacklist.", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms", }, { acknowledgments: [ { names: [ "the Mozilla project", ], }, { names: [ "Jonas Allmann", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2019-11729", cwe: { id: "CWE-120", name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", }, discovery_date: "2019-07-10T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1728437", }, ], notes: [ { category: "description", text: "Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.", title: "Vulnerability description", }, { category: "summary", text: "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", title: "Vulnerability summary", }, { category: "other", text: "Firefox on Red Hat Enterprise Linux is built against the system nss library.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-11729", }, { category: "external", summary: "RHBZ#1728437", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1728437", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-11729", url: "https://www.cve.org/CVERecord?id=CVE-2019-11729", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-11729", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-11729", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", }, ], release_date: "2019-07-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", }, { acknowledgments: [ { names: [ "the Mozilla Project", ], }, ], cve: "CVE-2019-11745", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2019-11-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1774831", }, ], notes: [ { category: "description", text: "A heap-based buffer overflow was found in the NSC_EncryptUpdate() function in Mozilla nss. A remote attacker could trigger this flaw via SRTP encrypt or decrypt operations, to execute arbitrary code with the permissions of the user running the application (compiled with nss). While the attack complexity is high, the impact to confidentiality, integrity, and availability are high as well.", title: "Vulnerability description", }, { category: "summary", text: "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", title: "Vulnerability summary", }, { category: "other", text: "Firefox and Thunderbird on Red Hat Enterprise Linux are built against the system nss library.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-11745", }, { category: "external", summary: "RHBZ#1774831", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1774831", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-11745", url: "https://www.cve.org/CVERecord?id=CVE-2019-11745", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-11745", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-11745", }, { category: "external", summary: "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", url: "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", }, { category: "external", summary: "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", url: "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", }, ], release_date: "2019-11-21T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", }, { cve: "CVE-2019-13734", discovery_date: "2019-12-10T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1781980", }, ], notes: [ { category: "description", text: "Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", title: "Vulnerability description", }, { category: "summary", text: "sqlite: fts3: improve shadow table corruption detection", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-13734", }, { category: "external", summary: "RHBZ#1781980", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1781980", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-13734", url: "https://www.cve.org/CVERecord?id=CVE-2019-13734", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-13734", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-13734", }, { category: "external", summary: "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", url: "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", }, ], release_date: "2019-12-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "sqlite: fts3: improve shadow table corruption detection", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1734", cwe: { id: "CWE-78", name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", }, discovery_date: "2019-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1801804", }, ], notes: [ { category: "description", text: "A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by overwriting the ansible facts.", title: "Vulnerability description", }, { category: "summary", text: "ansible: shell enabled by default in a pipe lookup plugin subprocess", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1734", }, { category: "external", summary: "RHBZ#1801804", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1801804", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1734", url: "https://www.cve.org/CVERecord?id=CVE-2020-1734", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1734", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1734", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, { category: "workaround", details: "This issue can be avoided by escaping variables which are used in the lookup.", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ansible: shell enabled by default in a pipe lookup plugin subprocess", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1735", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802085", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node.", title: "Vulnerability description", }, { category: "summary", text: "ansible: path injection on dest parameter in fetch module", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1735", }, { category: "external", summary: "RHBZ#1802085", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802085", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1735", url: "https://www.cve.org/CVERecord?id=CVE-2020-1735", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1735", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1735", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except avoid using the affected fetch module when possible.", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.2, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ansible: path injection on dest parameter in fetch module", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1736", cwe: { id: "CWE-732", name: "Incorrect Permission Assignment for Critical Resource", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802124", }, ], notes: [ { category: "description", text: "A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions before the move. This issue affects only the newly created files and not existing ones. If the file already exists at the final destination, those permissions are retained. This could lead to the disclosure of sensitive data.", title: "Vulnerability description", }, { category: "summary", text: "ansible: atomic_move primitive sets permissive permissions", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.8.14 and 2.9.12 as well as previous versions and all 2.7.x versions are affected.\n\nAnsible Tower 3.6.5 and 3.7.2 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1736", }, { category: "external", summary: "RHBZ#1802124", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802124", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1736", url: "https://www.cve.org/CVERecord?id=CVE-2020-1736", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1736", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1736", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, { category: "workaround", details: "This issue can be mitigated by specifying the \"mode\" on the task. That just leaves a race condition in place where newly created files that specify a mode in the task briefly go from 666 - umask to the final mode. An alternative workaround if many new files are created and to avoid setting a specific mode for each file would be to set the \"mode\" to \"preserve\" value. That will maintain the permissions of the source file on the controller in the final file on the managed host.", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 2.2, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: atomic_move primitive sets permissive permissions", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1737", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2020-02-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802154", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal.", title: "Vulnerability description", }, { category: "summary", text: "ansible: Extract-Zip function in win_unzip module does not check extracted path", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1737", }, { category: "external", summary: "RHBZ#1802154", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802154", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1737", url: "https://www.cve.org/CVERecord?id=CVE-2020-1737", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1737", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1737", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except avoid using the affected win_unzip module when possible.", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ansible: Extract-Zip function in win_unzip module does not check extracted path", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1738", cwe: { id: "CWE-88", name: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802164", }, ], notes: [ { category: "description", text: "A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file.", title: "Vulnerability description", }, { category: "summary", text: "ansible: module package can be selected by the ansible facts", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1738", }, { category: "external", summary: "RHBZ#1802164", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802164", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1738", url: "https://www.cve.org/CVERecord?id=CVE-2020-1738", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1738", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1738", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, { category: "workaround", details: "Specify the parameter 'use' when possible on the package and service modules. Avoid using Ansible Collections on Ansible 2.8.9 or 2.7.16 (and any of the previous versions) as they are not rejecting python with no path (already fixed in 2.9.x).", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 3.9, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: module package can be selected by the ansible facts", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1739", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802178", }, ], notes: [ { category: "description", text: "A flaw was found in Ansible Engine. When a password is set with the argument \"password\" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs.", title: "Vulnerability description", }, { category: "summary", text: "ansible: svn module leaks password when specified as a parameter", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1739", }, { category: "external", summary: "RHBZ#1802178", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802178", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1739", url: "https://www.cve.org/CVERecord?id=CVE-2020-1739", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1739", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1739", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, { category: "workaround", details: "Instead of using the parameter 'password' of the subversion module, provide the password with stdin.", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.9, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: svn module leaks password when specified as a parameter", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1740", cwe: { id: "CWE-377", name: "Insecure Temporary File", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802193", }, ], notes: [ { category: "description", text: "A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes \"ansible-vault edit\", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely.", title: "Vulnerability description", }, { category: "summary", text: "ansible: secrets readable after ansible-vault edit", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1740", }, { category: "external", summary: "RHBZ#1802193", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802193", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1740", url: "https://www.cve.org/CVERecord?id=CVE-2020-1740", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1740", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1740", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except avoid using the 'edit' option from 'ansible-vault' command line tool.", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.9, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: secrets readable after ansible-vault edit", }, { acknowledgments: [ { names: [ "Felix Fountein", ], }, ], cve: "CVE-2020-1746", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2019-12-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1805491", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine when the ldap_attr and ldap_entry community modules are used. The issue discloses the LDAP bind password to stdout or a log file if a playbook task is written using the bind_pw in the parameters field. The highest threat from this vulnerability is data confidentiality.", title: "Vulnerability description", }, { category: "summary", text: "ansible: Information disclosure issue in ldap_attr and ldap_entry modules", title: "Vulnerability summary", }, { category: "other", text: "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\n* Red Hat Gluster Storage and Red Hat Ceph Storage no longer maintains their own version of Ansible. The fix will be provided from core Ansible. But we still ship ansible separately for ceph ubuntu.\n\n* In Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1746", }, { category: "external", summary: "RHBZ#1805491", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1805491", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1746", url: "https://www.cve.org/CVERecord?id=CVE-2020-1746", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1746", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1746", }, ], release_date: "2020-02-28T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, { category: "workaround", details: "Using args keyword and embedding the ldap_auth variable instead of using bind_pw parameter would mitigate this issue.", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: Information disclosure issue in ldap_attr and ldap_entry modules", }, { acknowledgments: [ { names: [ "Abhijeet Kasurde", ], organization: "Red Hat", summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2020-1753", cwe: { id: "CWE-532", name: "Insertion of Sensitive Information into Log File", }, discovery_date: "2020-03-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1811008", }, ], notes: [ { category: "description", text: "A security flaw was found in the Ansible Engine when managing Kubernetes using the k8s connection plugin. Sensitive parameters such as passwords and tokens are passed to the kubectl command line instead of using environment variables or an input configuration file, which is safer. This flaw discloses passwords and tokens from the process list, and the no_log directive from the debug module would not be reflected in the underlying command-line tools options, displaying passwords and tokens on stdout and log files.", title: "Vulnerability description", }, { category: "summary", text: "Ansible: kubectl connection plugin leaks sensitive information", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.17, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1753", }, { category: "external", summary: "RHBZ#1811008", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1811008", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1753", url: "https://www.cve.org/CVERecord?id=CVE-2020-1753", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1753", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1753", }, ], release_date: "2020-03-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, { category: "workaround", details: "Currently, there is no mitigation for this issue.", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Ansible: kubectl connection plugin leaks sensitive information", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-10684", cwe: { id: "CWE-862", name: "Missing Authorization", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1815519", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine. When using ansible_facts as a subkey of itself, and promoting it to a variable when injecting is enabled, overwriting the ansible_facts after the clean, an attacker could take advantage of this by altering the ansible_facts leading to privilege escalation or code injection. The highest threat from this vulnerability are to data integrity and system availability.", title: "Vulnerability description", }, { category: "summary", text: "Ansible: code injection when using ansible_facts as a subkey", title: "Vulnerability summary", }, { category: "other", text: "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n* Red Hat Gluster Storage and Red Hat Ceph Storage no longer maintains their own version of Ansible. The fix will be consumed from core Ansible. But we still ship ansible separately for ceph ubuntu.\n* Red Hat OpenStack Platform does package the affected code. However, because RHOSP does not use ansible_facts as a subkey directly, the RHOSP impact has been reduced to Moderate and no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-10684", }, { category: "external", summary: "RHBZ#1815519", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1815519", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-10684", url: "https://www.cve.org/CVERecord?id=CVE-2020-10684", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-10684", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-10684", }, ], release_date: "2020-03-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, { category: "workaround", details: "Currently, there is not a known mitigation except avoiding the functionality of using ansible_facts as a subkey.", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.9, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "Ansible: code injection when using ansible_facts as a subkey", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-10685", cwe: { id: "CWE-459", name: "Incomplete Cleanup", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1814627", }, ], notes: [ { category: "description", text: "A flaw was found on Ansible Engine when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory is created in /tmp leaves the secrets unencrypted.\r\n\r\nOn Operating Systems which /tmp is not a tmpfs but part of the root partition, the directory is only cleared on boot and the decrypted data remains when the host is switched off. The system will be vulnerable when the system is not running. So decrypted data must be cleared as soon as possible and the data which normally is encrypted is sensible.", title: "Vulnerability description", }, { category: "summary", text: "Ansible: modules which use files encrypted with vault are not properly cleaned up", title: "Vulnerability summary", }, { category: "other", text: "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\n* In Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-10685", }, { category: "external", summary: "RHBZ#1814627", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1814627", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-10685", url: "https://www.cve.org/CVERecord?id=CVE-2020-10685", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-10685", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-10685", }, ], release_date: "2020-03-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except by removing manually the temporary created file after every run.", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Ansible: modules which use files encrypted with vault are not properly cleaned up", }, ], }
RHSA-2020:1541
Vulnerability from csaf_redhat
Published
2020-04-22 14:10
Modified
2025-03-19 15:12
Summary
Red Hat Security Advisory: Ansible security and bug fix update (2.9.7)
Notes
Topic
An update for ansible is now available for Ansible Engine 2.9
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details
Ansible is a simple model-driven configuration management, multi-node
deployment, and remote-task execution system. Ansible works over SSH and
does not require any software or daemons to be installed on remote nodes.
Extension modules can be written in any language and are transferred to
managed machines automatically.
The following packages have been upgraded to a newer upstream version:
ansible (2.9.7)
Bug Fix(es):
* CVE-2020-10684 Ansible: code injection when using ansible_facts as a
subkey
* CVE-2020-10685 Ansible: modules which use files encrypted with vault are
not properly cleaned up
* CVE-2020-10691 Ansible: archive traversal vulnerability in ansible-galaxy
collection install
* CVE-2020-1733 ansible: insecure temporary directory when running
become_user from become directive
* CVE-2020-1735 ansible: path injection on dest parameter in fetch module
* CVE-2020-1737 ansible: Extract-Zip function in win_unzip module does not
check extracted path
* CVE-2020-1739 ansible: svn module leaks password when specified as a
parameter
* CVE-2020-1740 ansible: secrets readable after ansible-vault edit
* CVE-2020-1746 ansible: Information disclosure issue in ldap_attr and
ldap_entry modules
* CVE-2020-1753 Ansible: kubectl connection plugin leaks sensitive
information
See:
https://github.com/ansible/ansible/blob/v2.9.7/changelogs/CHANGELOG-v2.9.rst
for details on bug fixes in this release.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for ansible is now available for Ansible Engine 2.9\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Ansible is a simple model-driven configuration management, multi-node\ndeployment, and remote-task execution system. Ansible works over SSH and\ndoes not require any software or daemons to be installed on remote nodes.\nExtension modules can be written in any language and are transferred to\nmanaged machines automatically.\n\nThe following packages have been upgraded to a newer upstream version:\nansible (2.9.7)\n\nBug Fix(es):\n* CVE-2020-10684 Ansible: code injection when using ansible_facts as a\nsubkey\n* CVE-2020-10685 Ansible: modules which use files encrypted with vault are\nnot properly cleaned up\n* CVE-2020-10691 Ansible: archive traversal vulnerability in ansible-galaxy\ncollection install\n* CVE-2020-1733 ansible: insecure temporary directory when running\nbecome_user from become directive\n* CVE-2020-1735 ansible: path injection on dest parameter in fetch module\n* CVE-2020-1737 ansible: Extract-Zip function in win_unzip module does not\ncheck extracted path\n* CVE-2020-1739 ansible: svn module leaks password when specified as a\nparameter\n* CVE-2020-1740 ansible: secrets readable after ansible-vault edit\n* CVE-2020-1746 ansible: Information disclosure issue in ldap_attr and\nldap_entry modules\n* CVE-2020-1753 Ansible: kubectl connection plugin leaks sensitive\ninformation\n\nSee:\nhttps://github.com/ansible/ansible/blob/v2.9.7/changelogs/CHANGELOG-v2.9.rst\nfor details on bug fixes in this release.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2020:1541", url: "https://access.redhat.com/errata/RHSA-2020:1541", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "1801735", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1801735", }, { category: "external", summary: "1802085", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802085", }, { category: "external", summary: "1802154", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802154", }, { category: "external", summary: "1802178", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802178", }, { category: "external", summary: "1802193", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802193", }, { category: "external", summary: "1805491", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1805491", }, { category: "external", summary: "1811008", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1811008", }, { category: "external", summary: "1814627", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1814627", }, { category: "external", summary: "1815519", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1815519", }, { category: "external", summary: "1817161", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1817161", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_1541.json", }, ], title: "Red Hat Security Advisory: Ansible security and bug fix update (2.9.7)", tracking: { current_release_date: "2025-03-19T15:12:50+00:00", generator: { date: "2025-03-19T15:12:50+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2020:1541", initial_release_date: "2020-04-22T14:10:47+00:00", revision_history: [ { date: "2020-04-22T14:10:47+00:00", number: "1", summary: "Initial version", }, { date: "2020-04-22T14:10:47+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-19T15:12:50+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Ansible Engine 2.9 for RHEL 7 Server", product: { name: "Red Hat Ansible Engine 2.9 for RHEL 7 Server", product_id: "7Server-Ansible-2.9", product_identification_helper: { cpe: "cpe:/a:redhat:ansible_engine:2.9::el7", }, }, }, { category: "product_name", name: "Red Hat Ansible Engine 2.9 for RHEL 8", product: { name: "Red Hat Ansible Engine 2.9 for RHEL 8", product_id: "8Base-Ansible-2.9", product_identification_helper: { cpe: "cpe:/a:redhat:ansible_engine:2.9::el8", }, }, }, ], category: "product_family", name: "Red Hat Ansible Engine", }, { branches: [ { category: "product_version", name: "ansible-0:2.9.7-1.el7ae.noarch", product: { name: "ansible-0:2.9.7-1.el7ae.noarch", product_id: "ansible-0:2.9.7-1.el7ae.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/ansible@2.9.7-1.el7ae?arch=noarch", }, }, }, { category: "product_version", name: "ansible-test-0:2.9.7-1.el7ae.noarch", product: { name: "ansible-test-0:2.9.7-1.el7ae.noarch", product_id: "ansible-test-0:2.9.7-1.el7ae.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/ansible-test@2.9.7-1.el7ae?arch=noarch", }, }, }, { category: "product_version", name: "ansible-0:2.9.7-1.el8ae.noarch", product: { name: "ansible-0:2.9.7-1.el8ae.noarch", product_id: "ansible-0:2.9.7-1.el8ae.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/ansible@2.9.7-1.el8ae?arch=noarch", }, }, }, { category: "product_version", name: "ansible-test-0:2.9.7-1.el8ae.noarch", product: { name: "ansible-test-0:2.9.7-1.el8ae.noarch", product_id: "ansible-test-0:2.9.7-1.el8ae.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/ansible-test@2.9.7-1.el8ae?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "ansible-0:2.9.7-1.el7ae.src", product: { name: "ansible-0:2.9.7-1.el7ae.src", product_id: "ansible-0:2.9.7-1.el7ae.src", product_identification_helper: { purl: "pkg:rpm/redhat/ansible@2.9.7-1.el7ae?arch=src", }, }, }, { category: "product_version", name: "ansible-0:2.9.7-1.el8ae.src", product: { name: "ansible-0:2.9.7-1.el8ae.src", product_id: "ansible-0:2.9.7-1.el8ae.src", product_identification_helper: { purl: "pkg:rpm/redhat/ansible@2.9.7-1.el8ae?arch=src", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ansible-0:2.9.7-1.el7ae.noarch as a component of Red Hat Ansible Engine 2.9 for RHEL 7 Server", product_id: "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", }, product_reference: "ansible-0:2.9.7-1.el7ae.noarch", relates_to_product_reference: "7Server-Ansible-2.9", }, { category: "default_component_of", full_product_name: { name: "ansible-0:2.9.7-1.el7ae.src as a component of Red Hat Ansible Engine 2.9 for RHEL 7 Server", product_id: "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", }, product_reference: "ansible-0:2.9.7-1.el7ae.src", relates_to_product_reference: "7Server-Ansible-2.9", }, { category: "default_component_of", full_product_name: { name: "ansible-test-0:2.9.7-1.el7ae.noarch as a component of Red Hat Ansible Engine 2.9 for RHEL 7 Server", product_id: "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", }, product_reference: "ansible-test-0:2.9.7-1.el7ae.noarch", relates_to_product_reference: "7Server-Ansible-2.9", }, { category: "default_component_of", full_product_name: { name: "ansible-0:2.9.7-1.el8ae.noarch as a component of Red Hat Ansible Engine 2.9 for RHEL 8", product_id: "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", }, product_reference: "ansible-0:2.9.7-1.el8ae.noarch", relates_to_product_reference: "8Base-Ansible-2.9", }, { category: "default_component_of", full_product_name: { name: "ansible-0:2.9.7-1.el8ae.src as a component of Red Hat Ansible Engine 2.9 for RHEL 8", product_id: "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", }, product_reference: "ansible-0:2.9.7-1.el8ae.src", relates_to_product_reference: "8Base-Ansible-2.9", }, { category: "default_component_of", full_product_name: { name: "ansible-test-0:2.9.7-1.el8ae.noarch as a component of Red Hat Ansible Engine 2.9 for RHEL 8", product_id: "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", }, product_reference: "ansible-test-0:2.9.7-1.el8ae.noarch", relates_to_product_reference: "8Base-Ansible-2.9", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1733", cwe: { id: "CWE-377", name: "Insecure Temporary File", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1801735", }, ], notes: [ { category: "description", text: "A race condition flaw was found in Ansible Engine when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with \"umask 77 && mkdir -p <dir>\"; this operation does not fail if the directory already exists and is owned by another user. An attacker could take advantage to gain control of the become user as the target directory can be retrieved by iterating '/proc/<pid>/cmdline'.", title: "Vulnerability description", }, { category: "summary", text: "ansible: insecure temporary directory when running become_user from become directive", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1733", }, { category: "external", summary: "RHBZ#1801735", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1801735", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1733", url: "https://www.cve.org/CVERecord?id=CVE-2020-1733", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1733", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1733", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:10:47+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1541", }, { category: "workaround", details: "This issue can be mitigated by mounting the proc filesystem with hidepid=2 option (https://www.kernel.org/doc/Documentation/filesystems/proc.txt). This way only the user used by Ansible will be able to perform the attack as users on the system will be able to access only their processes /proc/$PID/ directories.\n\nAlso note that mounting proc filesystem with hidepid=2 might require re-mounting it on unpatched kernels, due to a kernel bug (see https://unix.stackexchange.com/questions/584054/why-procfs-mount-option-only-working-on-remount), there will be hidepid=3 in the future (https://patchwork.kernel.org/patch/11310217/).", product_ids: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L", version: "3.1", }, products: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ansible: insecure temporary directory when running become_user from become directive", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1735", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802085", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node.", title: "Vulnerability description", }, { category: "summary", text: "ansible: path injection on dest parameter in fetch module", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1735", }, { category: "external", summary: "RHBZ#1802085", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802085", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1735", url: "https://www.cve.org/CVERecord?id=CVE-2020-1735", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1735", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1735", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:10:47+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1541", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except avoid using the affected fetch module when possible.", product_ids: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.2, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ansible: path injection on dest parameter in fetch module", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1737", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2020-02-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802154", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal.", title: "Vulnerability description", }, { category: "summary", text: "ansible: Extract-Zip function in win_unzip module does not check extracted path", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1737", }, { category: "external", summary: "RHBZ#1802154", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802154", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1737", url: "https://www.cve.org/CVERecord?id=CVE-2020-1737", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1737", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1737", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:10:47+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1541", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except avoid using the affected win_unzip module when possible.", product_ids: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ansible: Extract-Zip function in win_unzip module does not check extracted path", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1739", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802178", }, ], notes: [ { category: "description", text: "A flaw was found in Ansible Engine. When a password is set with the argument \"password\" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs.", title: "Vulnerability description", }, { category: "summary", text: "ansible: svn module leaks password when specified as a parameter", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1739", }, { category: "external", summary: "RHBZ#1802178", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802178", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1739", url: "https://www.cve.org/CVERecord?id=CVE-2020-1739", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1739", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1739", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:10:47+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1541", }, { category: "workaround", details: "Instead of using the parameter 'password' of the subversion module, provide the password with stdin.", product_ids: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.9, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: svn module leaks password when specified as a parameter", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1740", cwe: { id: "CWE-377", name: "Insecure Temporary File", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802193", }, ], notes: [ { category: "description", text: "A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes \"ansible-vault edit\", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely.", title: "Vulnerability description", }, { category: "summary", text: "ansible: secrets readable after ansible-vault edit", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1740", }, { category: "external", summary: "RHBZ#1802193", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802193", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1740", url: "https://www.cve.org/CVERecord?id=CVE-2020-1740", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1740", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1740", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:10:47+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1541", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except avoid using the 'edit' option from 'ansible-vault' command line tool.", product_ids: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.9, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: secrets readable after ansible-vault edit", }, { acknowledgments: [ { names: [ "Felix Fountein", ], }, ], cve: "CVE-2020-1746", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2019-12-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1805491", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine when the ldap_attr and ldap_entry community modules are used. The issue discloses the LDAP bind password to stdout or a log file if a playbook task is written using the bind_pw in the parameters field. The highest threat from this vulnerability is data confidentiality.", title: "Vulnerability description", }, { category: "summary", text: "ansible: Information disclosure issue in ldap_attr and ldap_entry modules", title: "Vulnerability summary", }, { category: "other", text: "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\n* Red Hat Gluster Storage and Red Hat Ceph Storage no longer maintains their own version of Ansible. The fix will be provided from core Ansible. But we still ship ansible separately for ceph ubuntu.\n\n* In Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1746", }, { category: "external", summary: "RHBZ#1805491", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1805491", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1746", url: "https://www.cve.org/CVERecord?id=CVE-2020-1746", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1746", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1746", }, ], release_date: "2020-02-28T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:10:47+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1541", }, { category: "workaround", details: "Using args keyword and embedding the ldap_auth variable instead of using bind_pw parameter would mitigate this issue.", product_ids: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: Information disclosure issue in ldap_attr and ldap_entry modules", }, { acknowledgments: [ { names: [ "Abhijeet Kasurde", ], organization: "Red Hat", summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2020-1753", cwe: { id: "CWE-532", name: "Insertion of Sensitive Information into Log File", }, discovery_date: "2020-03-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1811008", }, ], notes: [ { category: "description", text: "A security flaw was found in the Ansible Engine when managing Kubernetes using the k8s connection plugin. Sensitive parameters such as passwords and tokens are passed to the kubectl command line instead of using environment variables or an input configuration file, which is safer. This flaw discloses passwords and tokens from the process list, and the no_log directive from the debug module would not be reflected in the underlying command-line tools options, displaying passwords and tokens on stdout and log files.", title: "Vulnerability description", }, { category: "summary", text: "Ansible: kubectl connection plugin leaks sensitive information", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.17, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1753", }, { category: "external", summary: "RHBZ#1811008", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1811008", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1753", url: "https://www.cve.org/CVERecord?id=CVE-2020-1753", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1753", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1753", }, ], release_date: "2020-03-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:10:47+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1541", }, { category: "workaround", details: "Currently, there is no mitigation for this issue.", product_ids: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Ansible: kubectl connection plugin leaks sensitive information", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-10684", cwe: { id: "CWE-862", name: "Missing Authorization", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1815519", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine. When using ansible_facts as a subkey of itself, and promoting it to a variable when injecting is enabled, overwriting the ansible_facts after the clean, an attacker could take advantage of this by altering the ansible_facts leading to privilege escalation or code injection. The highest threat from this vulnerability are to data integrity and system availability.", title: "Vulnerability description", }, { category: "summary", text: "Ansible: code injection when using ansible_facts as a subkey", title: "Vulnerability summary", }, { category: "other", text: "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n* Red Hat Gluster Storage and Red Hat Ceph Storage no longer maintains their own version of Ansible. The fix will be consumed from core Ansible. But we still ship ansible separately for ceph ubuntu.\n* Red Hat OpenStack Platform does package the affected code. However, because RHOSP does not use ansible_facts as a subkey directly, the RHOSP impact has been reduced to Moderate and no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-10684", }, { category: "external", summary: "RHBZ#1815519", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1815519", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-10684", url: "https://www.cve.org/CVERecord?id=CVE-2020-10684", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-10684", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-10684", }, ], release_date: "2020-03-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:10:47+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1541", }, { category: "workaround", details: "Currently, there is not a known mitigation except avoiding the functionality of using ansible_facts as a subkey.", product_ids: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.9, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H", version: "3.1", }, products: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "Ansible: code injection when using ansible_facts as a subkey", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-10685", cwe: { id: "CWE-459", name: "Incomplete Cleanup", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1814627", }, ], notes: [ { category: "description", text: "A flaw was found on Ansible Engine when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory is created in /tmp leaves the secrets unencrypted.\r\n\r\nOn Operating Systems which /tmp is not a tmpfs but part of the root partition, the directory is only cleared on boot and the decrypted data remains when the host is switched off. The system will be vulnerable when the system is not running. So decrypted data must be cleared as soon as possible and the data which normally is encrypted is sensible.", title: "Vulnerability description", }, { category: "summary", text: "Ansible: modules which use files encrypted with vault are not properly cleaned up", title: "Vulnerability summary", }, { category: "other", text: "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\n* In Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-10685", }, { category: "external", summary: "RHBZ#1814627", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1814627", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-10685", url: "https://www.cve.org/CVERecord?id=CVE-2020-10685", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-10685", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-10685", }, ], release_date: "2020-03-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:10:47+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1541", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except by removing manually the temporary created file after every run.", product_ids: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Ansible: modules which use files encrypted with vault are not properly cleaned up", }, { acknowledgments: [ { names: [ "Felix Fountein", ], }, ], cve: "CVE-2020-10691", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2020-03-25T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1817161", }, ], notes: [ { category: "description", text: "An archive traversal flaw was found in Ansible Engine when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. An attacker could take advantage to overwrite any file within the system.", title: "Vulnerability description", }, { category: "summary", text: "Ansible: archive traversal vulnerability in ansible-galaxy collection install", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.9.6 as well as previous 2.9.x versions are affected. Ansible versions less than or equal to 2.8 are not affected by this vulnerability as this functionality was introduced on 2.9.\n\nAnsible Tower 3.6.3 as well as previous 3.6.x versions are affected as they use ansible-galaxy collections.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-10691", }, { category: "external", summary: "RHBZ#1817161", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1817161", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-10691", url: "https://www.cve.org/CVERecord?id=CVE-2020-10691", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-10691", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-10691", }, ], release_date: "2020-03-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:10:47+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1541", }, { category: "workaround", details: "A possible mitigation of archive traversal issue could be done by restricting file access control and directory write accesses for extracting tarball files. This is feasible only for scenarios when the destination path could be known and enforced beforehand.", product_ids: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 5.2, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L", version: "3.1", }, products: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Ansible: archive traversal vulnerability in ansible-galaxy collection install", }, ], }
RHSA-2020:1543
Vulnerability from csaf_redhat
Published
2020-04-22 14:11
Modified
2025-03-19 15:12
Summary
Red Hat Security Advisory: Ansible security and bug fix update (2.8.11)
Notes
Topic
An update for ansible is now available for Ansible Engine 2.8
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details
Ansible is a simple model-driven configuration management, multi-node
deployment, and remote-task execution system. Ansible works over SSH and
does not require any software or daemons to be installed on remote nodes.
Extension modules can be written in any language and are transferred to
managed machines automatically.
The following packages have been upgraded to a newer upstream version:
ansible (2.8.11)
Bug Fix(es):
* CVE-2020-10684 Ansible: code injection when using ansible_facts as a
subkey
* CVE-2020-10685 Ansible: modules which use files encrypted with vault are
not properly cleaned up
* CVE-2020-1733 ansible: insecure temporary directory when running
become_user from become directive
* CVE-2020-1735 ansible: path injection on dest parameter in fetch module
* CVE-2020-1737 ansible: Extract-Zip function in win_unzip module does not
check extracted path
* CVE-2020-1739 ansible: svn module leaks password when specified as a
parameter
* CVE-2020-1740 ansible: secrets readable after ansible-vault edit
* CVE-2020-1746 ansible: Information disclosure issue in ldap_attr and
ldap_entry modules
See:
https://github.com/ansible/ansible/blob/v2.8.11/changelogs/CHANGELOG-v2.8.rst
for details on bug fixes in this release.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for ansible is now available for Ansible Engine 2.8\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Ansible is a simple model-driven configuration management, multi-node\ndeployment, and remote-task execution system. Ansible works over SSH and\ndoes not require any software or daemons to be installed on remote nodes.\nExtension modules can be written in any language and are transferred to\nmanaged machines automatically.\n\nThe following packages have been upgraded to a newer upstream version:\nansible (2.8.11)\n\nBug Fix(es):\n* CVE-2020-10684 Ansible: code injection when using ansible_facts as a\nsubkey\n* CVE-2020-10685 Ansible: modules which use files encrypted with vault are\nnot properly cleaned up\n* CVE-2020-1733 ansible: insecure temporary directory when running\nbecome_user from become directive\n* CVE-2020-1735 ansible: path injection on dest parameter in fetch module\n* CVE-2020-1737 ansible: Extract-Zip function in win_unzip module does not\ncheck extracted path\n* CVE-2020-1739 ansible: svn module leaks password when specified as a\nparameter\n* CVE-2020-1740 ansible: secrets readable after ansible-vault edit\n* CVE-2020-1746 ansible: Information disclosure issue in ldap_attr and\nldap_entry modules\n\nSee:\nhttps://github.com/ansible/ansible/blob/v2.8.11/changelogs/CHANGELOG-v2.8.rst\nfor details on bug fixes in this release.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2020:1543", url: "https://access.redhat.com/errata/RHSA-2020:1543", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "1801735", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1801735", }, { category: "external", summary: "1802085", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802085", }, { category: "external", summary: "1802154", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802154", }, { category: "external", summary: "1802178", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802178", }, { category: "external", summary: "1802193", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802193", }, { category: "external", summary: "1805491", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1805491", }, { category: "external", summary: "1814627", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1814627", }, { category: "external", summary: "1815519", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1815519", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_1543.json", }, ], title: "Red Hat Security Advisory: Ansible security and bug fix update (2.8.11)", tracking: { current_release_date: "2025-03-19T15:12:49+00:00", generator: { date: "2025-03-19T15:12:49+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2020:1543", initial_release_date: "2020-04-22T14:11:07+00:00", revision_history: [ { date: "2020-04-22T14:11:07+00:00", number: "1", summary: "Initial version", }, { date: "2020-04-22T14:11:07+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-19T15:12:49+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Ansible Engine 2.8 for RHEL 7 Server", product: { name: "Red Hat Ansible Engine 2.8 for RHEL 7 Server", product_id: "7Server-Ansible-2.8", product_identification_helper: { cpe: "cpe:/a:redhat:ansible_engine:2.8::el7", }, }, }, { category: "product_name", name: "Red Hat Ansible Engine 2.8 for RHEL 8", product: { name: "Red Hat Ansible Engine 2.8 for RHEL 8", product_id: "8Base-Ansible-2.8", product_identification_helper: { cpe: "cpe:/a:redhat:ansible_engine:2.8::el8", }, }, }, ], category: "product_family", name: "Red Hat Ansible Engine", }, { branches: [ { category: "product_version", name: "ansible-0:2.8.11-1.el7ae.noarch", product: { name: "ansible-0:2.8.11-1.el7ae.noarch", product_id: "ansible-0:2.8.11-1.el7ae.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/ansible@2.8.11-1.el7ae?arch=noarch", }, }, }, { category: "product_version", name: "ansible-0:2.8.11-1.el8ae.noarch", product: { name: "ansible-0:2.8.11-1.el8ae.noarch", product_id: "ansible-0:2.8.11-1.el8ae.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/ansible@2.8.11-1.el8ae?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "ansible-0:2.8.11-1.el7ae.src", product: { name: "ansible-0:2.8.11-1.el7ae.src", product_id: "ansible-0:2.8.11-1.el7ae.src", product_identification_helper: { purl: "pkg:rpm/redhat/ansible@2.8.11-1.el7ae?arch=src", }, }, }, { category: "product_version", name: "ansible-0:2.8.11-1.el8ae.src", product: { name: "ansible-0:2.8.11-1.el8ae.src", product_id: "ansible-0:2.8.11-1.el8ae.src", product_identification_helper: { purl: "pkg:rpm/redhat/ansible@2.8.11-1.el8ae?arch=src", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ansible-0:2.8.11-1.el7ae.noarch as a component of Red Hat Ansible Engine 2.8 for RHEL 7 Server", product_id: "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", }, product_reference: "ansible-0:2.8.11-1.el7ae.noarch", relates_to_product_reference: "7Server-Ansible-2.8", }, { category: "default_component_of", full_product_name: { name: "ansible-0:2.8.11-1.el7ae.src as a component of Red Hat Ansible Engine 2.8 for RHEL 7 Server", product_id: "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", }, product_reference: "ansible-0:2.8.11-1.el7ae.src", relates_to_product_reference: "7Server-Ansible-2.8", }, { category: "default_component_of", full_product_name: { name: "ansible-0:2.8.11-1.el8ae.noarch as a component of Red Hat Ansible Engine 2.8 for RHEL 8", product_id: "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", }, product_reference: "ansible-0:2.8.11-1.el8ae.noarch", relates_to_product_reference: "8Base-Ansible-2.8", }, { category: "default_component_of", full_product_name: { name: "ansible-0:2.8.11-1.el8ae.src as a component of Red Hat Ansible Engine 2.8 for RHEL 8", product_id: "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", }, product_reference: "ansible-0:2.8.11-1.el8ae.src", relates_to_product_reference: "8Base-Ansible-2.8", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1733", cwe: { id: "CWE-377", name: "Insecure Temporary File", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1801735", }, ], notes: [ { category: "description", text: "A race condition flaw was found in Ansible Engine when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with \"umask 77 && mkdir -p <dir>\"; this operation does not fail if the directory already exists and is owned by another user. An attacker could take advantage to gain control of the become user as the target directory can be retrieved by iterating '/proc/<pid>/cmdline'.", title: "Vulnerability description", }, { category: "summary", text: "ansible: insecure temporary directory when running become_user from become directive", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1733", }, { category: "external", summary: "RHBZ#1801735", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1801735", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1733", url: "https://www.cve.org/CVERecord?id=CVE-2020-1733", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1733", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1733", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:11:07+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1543", }, { category: "workaround", details: "This issue can be mitigated by mounting the proc filesystem with hidepid=2 option (https://www.kernel.org/doc/Documentation/filesystems/proc.txt). This way only the user used by Ansible will be able to perform the attack as users on the system will be able to access only their processes /proc/$PID/ directories.\n\nAlso note that mounting proc filesystem with hidepid=2 might require re-mounting it on unpatched kernels, due to a kernel bug (see https://unix.stackexchange.com/questions/584054/why-procfs-mount-option-only-working-on-remount), there will be hidepid=3 in the future (https://patchwork.kernel.org/patch/11310217/).", product_ids: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L", version: "3.1", }, products: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ansible: insecure temporary directory when running become_user from become directive", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1735", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802085", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node.", title: "Vulnerability description", }, { category: "summary", text: "ansible: path injection on dest parameter in fetch module", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1735", }, { category: "external", summary: "RHBZ#1802085", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802085", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1735", url: "https://www.cve.org/CVERecord?id=CVE-2020-1735", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1735", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1735", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:11:07+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1543", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except avoid using the affected fetch module when possible.", product_ids: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.2, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ansible: path injection on dest parameter in fetch module", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1737", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2020-02-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802154", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal.", title: "Vulnerability description", }, { category: "summary", text: "ansible: Extract-Zip function in win_unzip module does not check extracted path", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1737", }, { category: "external", summary: "RHBZ#1802154", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802154", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1737", url: "https://www.cve.org/CVERecord?id=CVE-2020-1737", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1737", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1737", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:11:07+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1543", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except avoid using the affected win_unzip module when possible.", product_ids: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ansible: Extract-Zip function in win_unzip module does not check extracted path", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1739", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802178", }, ], notes: [ { category: "description", text: "A flaw was found in Ansible Engine. When a password is set with the argument \"password\" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs.", title: "Vulnerability description", }, { category: "summary", text: "ansible: svn module leaks password when specified as a parameter", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1739", }, { category: "external", summary: "RHBZ#1802178", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802178", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1739", url: "https://www.cve.org/CVERecord?id=CVE-2020-1739", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1739", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1739", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:11:07+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1543", }, { category: "workaround", details: "Instead of using the parameter 'password' of the subversion module, provide the password with stdin.", product_ids: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.9, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: svn module leaks password when specified as a parameter", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1740", cwe: { id: "CWE-377", name: "Insecure Temporary File", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802193", }, ], notes: [ { category: "description", text: "A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes \"ansible-vault edit\", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely.", title: "Vulnerability description", }, { category: "summary", text: "ansible: secrets readable after ansible-vault edit", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1740", }, { category: "external", summary: "RHBZ#1802193", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802193", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1740", url: "https://www.cve.org/CVERecord?id=CVE-2020-1740", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1740", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1740", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:11:07+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1543", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except avoid using the 'edit' option from 'ansible-vault' command line tool.", product_ids: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.9, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: secrets readable after ansible-vault edit", }, { acknowledgments: [ { names: [ "Felix Fountein", ], }, ], cve: "CVE-2020-1746", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2019-12-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1805491", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine when the ldap_attr and ldap_entry community modules are used. The issue discloses the LDAP bind password to stdout or a log file if a playbook task is written using the bind_pw in the parameters field. The highest threat from this vulnerability is data confidentiality.", title: "Vulnerability description", }, { category: "summary", text: "ansible: Information disclosure issue in ldap_attr and ldap_entry modules", title: "Vulnerability summary", }, { category: "other", text: "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\n* Red Hat Gluster Storage and Red Hat Ceph Storage no longer maintains their own version of Ansible. The fix will be provided from core Ansible. But we still ship ansible separately for ceph ubuntu.\n\n* In Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1746", }, { category: "external", summary: "RHBZ#1805491", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1805491", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1746", url: "https://www.cve.org/CVERecord?id=CVE-2020-1746", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1746", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1746", }, ], release_date: "2020-02-28T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:11:07+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1543", }, { category: "workaround", details: "Using args keyword and embedding the ldap_auth variable instead of using bind_pw parameter would mitigate this issue.", product_ids: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: Information disclosure issue in ldap_attr and ldap_entry modules", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-10684", cwe: { id: "CWE-862", name: "Missing Authorization", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1815519", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine. When using ansible_facts as a subkey of itself, and promoting it to a variable when injecting is enabled, overwriting the ansible_facts after the clean, an attacker could take advantage of this by altering the ansible_facts leading to privilege escalation or code injection. The highest threat from this vulnerability are to data integrity and system availability.", title: "Vulnerability description", }, { category: "summary", text: "Ansible: code injection when using ansible_facts as a subkey", title: "Vulnerability summary", }, { category: "other", text: "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n* Red Hat Gluster Storage and Red Hat Ceph Storage no longer maintains their own version of Ansible. The fix will be consumed from core Ansible. But we still ship ansible separately for ceph ubuntu.\n* Red Hat OpenStack Platform does package the affected code. However, because RHOSP does not use ansible_facts as a subkey directly, the RHOSP impact has been reduced to Moderate and no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-10684", }, { category: "external", summary: "RHBZ#1815519", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1815519", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-10684", url: "https://www.cve.org/CVERecord?id=CVE-2020-10684", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-10684", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-10684", }, ], release_date: "2020-03-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:11:07+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1543", }, { category: "workaround", details: "Currently, there is not a known mitigation except avoiding the functionality of using ansible_facts as a subkey.", product_ids: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.9, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H", version: "3.1", }, products: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "Ansible: code injection when using ansible_facts as a subkey", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-10685", cwe: { id: "CWE-459", name: "Incomplete Cleanup", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1814627", }, ], notes: [ { category: "description", text: "A flaw was found on Ansible Engine when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory is created in /tmp leaves the secrets unencrypted.\r\n\r\nOn Operating Systems which /tmp is not a tmpfs but part of the root partition, the directory is only cleared on boot and the decrypted data remains when the host is switched off. The system will be vulnerable when the system is not running. So decrypted data must be cleared as soon as possible and the data which normally is encrypted is sensible.", title: "Vulnerability description", }, { category: "summary", text: "Ansible: modules which use files encrypted with vault are not properly cleaned up", title: "Vulnerability summary", }, { category: "other", text: "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\n* In Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-10685", }, { category: "external", summary: "RHBZ#1814627", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1814627", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-10685", url: "https://www.cve.org/CVERecord?id=CVE-2020-10685", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-10685", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-10685", }, ], release_date: "2020-03-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:11:07+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1543", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except by removing manually the temporary created file after every run.", product_ids: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Ansible: modules which use files encrypted with vault are not properly cleaned up", }, ], }
RHBA-2020:1539
Vulnerability from csaf_redhat
Published
2020-04-22 13:24
Modified
2025-03-15 20:39
Summary
Red Hat Bug Fix Advisory: Red Hat Ansible Tower 3.5.6-1 - RHEL7 Container
Notes
Topic
Red Hat Ansible Tower 3.5.6-1 - RHEL7 Container
Details
* Fixed Tower to allow users to subscribe to playbook output in organizations they do not have RBAC access to via Towers websocket interface (CVE-2020-10698)
* Fixed OAuth2 refresh tokens to properly respect custom expiration settings (CVE-2020-10709)
* Improved memcached in OpenShift deployments to listen on a more secure domain socket (CVE-2020-10697)
* Updated the Twisted library to address CVE-2020-10108 and CVE-2020-10109
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Critical", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat Ansible Tower 3.5.6-1 - RHEL7 Container", title: "Topic", }, { category: "general", text: "* Fixed Tower to allow users to subscribe to playbook output in organizations they do not have RBAC access to via Towers websocket interface (CVE-2020-10698)\n* Fixed OAuth2 refresh tokens to properly respect custom expiration settings (CVE-2020-10709)\n* Improved memcached in OpenShift deployments to listen on a more secure domain socket (CVE-2020-10697)\n* Updated the Twisted library to address CVE-2020-10108 and CVE-2020-10109", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHBA-2020:1539", url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhba-2020_1539.json", }, ], title: "Red Hat Bug Fix Advisory: Red Hat Ansible Tower 3.5.6-1 - RHEL7 Container", tracking: { current_release_date: "2025-03-15T20:39:09+00:00", generator: { date: "2025-03-15T20:39:09+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHBA-2020:1539", initial_release_date: "2020-04-22T13:24:05+00:00", revision_history: [ { date: "2020-04-22T13:24:05+00:00", number: "1", summary: "Initial version", }, { date: "2020-04-22T13:24:05+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-15T20:39:09+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Ansible Tower 3.5 for RHEL 7 Server", product: { name: "Red Hat Ansible Tower 3.5 for RHEL 7 Server", product_id: "7Server-Ansible-Tower-3.5", product_identification_helper: { cpe: "cpe:/a:redhat:ansible_tower:3.5::el7", }, }, }, ], category: "product_family", name: "Red Hat Ansible Tower", }, { branches: [ { category: "product_version", name: "ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", product: { name: "ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", product_id: "ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", product_identification_helper: { purl: "pkg:oci/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463?arch=amd64&repository_url=registry.redhat.io/ansible-tower-35/ansible-tower&tag=3.5.6-1", }, }, }, ], category: "architecture", name: "amd64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64 as a component of Red Hat Ansible Tower 3.5 for RHEL 7 Server", product_id: "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", }, product_reference: "ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", relates_to_product_reference: "7Server-Ansible-Tower-3.5", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Mozilla project", ], }, { names: [ "Ucha Gobejishvili", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2015-2716", discovery_date: "2015-05-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1220607", }, ], notes: [ { category: "description", text: "Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283.", title: "Vulnerability description", }, { category: "summary", text: "expat: Integer overflow leading to buffer overflow in XML_GetBuffer()", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the version of expat package as shipped with Red Hat Enterprise Linux 5, 6 and 7. Red Hat Product Security has rated this issue as having Moderate security impact, a future update may address this flaw.\n\nRed Hat Enterprise Linux 5 is now in Extended Life Cycle phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-2716", }, { category: "external", summary: "RHBZ#1220607", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1220607", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-2716", url: "https://www.cve.org/CVERecord?id=CVE-2015-2716", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-2716", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-2716", }, { category: "external", summary: "http://www.mozilla.org/security/announce/2015/mfsa2015-54.html", url: "http://www.mozilla.org/security/announce/2015/mfsa2015-54.html", }, ], release_date: "2015-05-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Critical", }, ], title: "expat: Integer overflow leading to buffer overflow in XML_GetBuffer()", }, { cve: "CVE-2015-8035", cwe: { id: "CWE-252", name: "Unchecked Return Value", }, discovery_date: "2015-11-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1277146", }, ], notes: [ { category: "description", text: "A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: DoS caused by incorrect error detection during XZ decompression", title: "Vulnerability summary", }, { category: "other", text: "This issue did not affect the versions of libxml2 as shipped with Red Hat Enterprise Linux 5 and 6 as they did not include support for LZMA compression support.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-8035", }, { category: "external", summary: "RHBZ#1277146", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1277146", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-8035", url: "https://www.cve.org/CVERecord?id=CVE-2015-8035", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-8035", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-8035", }, ], release_date: "2015-11-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: DoS caused by incorrect error detection during XZ decompression", }, { cve: "CVE-2016-5131", discovery_date: "2016-07-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1358641", }, ], notes: [ { category: "description", text: "Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Use after free triggered by XPointer paths beginning with range-to", title: "Vulnerability summary", }, { category: "other", text: "This flaw in libxml2 requires exposing the library to XPath/XPointer expressions from an untrusted source, which is not common in practice for applications using libxml2. For libxml2, Red Hat Product Security has rated this vulnerability as Moderate severity.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-5131", }, { category: "external", summary: "RHBZ#1358641", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1358641", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-5131", url: "https://www.cve.org/CVERecord?id=CVE-2016-5131", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-5131", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-5131", }, { category: "external", summary: "https://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html", url: "https://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html", }, ], release_date: "2016-07-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "libxml2: Use after free triggered by XPointer paths beginning with range-to", }, { cve: "CVE-2017-15412", discovery_date: "2017-12-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1523128", }, ], notes: [ { category: "description", text: "A use-after-free flaw was found in the libxml2 library. An attacker could use this flaw to cause an application linked against libxml2 to crash when parsing a specially crafted XML file.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-15412", }, { category: "external", summary: "RHBZ#1523128", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1523128", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-15412", url: "https://www.cve.org/CVERecord?id=CVE-2017-15412", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-15412", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-15412", }, { category: "external", summary: "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html", url: "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html", }, ], release_date: "2017-12-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c", }, { cve: "CVE-2017-18258", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2018-04-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1566749", }, ], notes: [ { category: "description", text: "The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Unrestricted memory usage in xz_head() function in xzlib.c", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-18258", }, { category: "external", summary: "RHBZ#1566749", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1566749", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-18258", url: "https://www.cve.org/CVERecord?id=CVE-2017-18258", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-18258", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-18258", }, ], release_date: "2017-09-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "libxml2: Unrestricted memory usage in xz_head() function in xzlib.c", }, { cve: "CVE-2018-10360", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2018-06-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1590000", }, ], notes: [ { category: "description", text: "The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.", title: "Vulnerability description", }, { category: "summary", text: "file: out-of-bounds read via a crafted ELF file", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-10360", }, { category: "external", summary: "RHBZ#1590000", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1590000", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-10360", url: "https://www.cve.org/CVERecord?id=CVE-2018-10360", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-10360", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-10360", }, ], release_date: "2018-06-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "LOW", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "file: out-of-bounds read via a crafted ELF file", }, { cve: "CVE-2018-14404", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, discovery_date: "2018-06-28T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1595985", }, ], notes: [ { category: "description", text: "A null pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 when parsing invalid XPath expression. Applications processing untrusted XSL format inputs with the use of libxml2 library may be vulnerable to denial of service attack due to crash of the application.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the versions of libxml2 as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nThis issue affects the versions of libxml2 as shipped with Red Hat Enterprise Linux 6. Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nThis issue affects the versions of libxml2 as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having a security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14404", }, { category: "external", summary: "RHBZ#1595985", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1595985", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14404", url: "https://www.cve.org/CVERecord?id=CVE-2018-14404", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14404", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14404", }, ], release_date: "2018-06-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c", }, { cve: "CVE-2018-14567", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2018-08-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1619875", }, ], notes: [ { category: "description", text: "libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Infinite loop caused by incorrect error detection during LZMA decompression", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Product Security has rated this flaw as having Low impact. A future update may address this issue.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14567", }, { category: "external", summary: "RHBZ#1619875", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1619875", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14567", url: "https://www.cve.org/CVERecord?id=CVE-2018-14567", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14567", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14567", }, ], release_date: "2018-04-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "libxml2: Infinite loop caused by incorrect error detection during LZMA decompression", }, { cve: "CVE-2018-18074", cwe: { id: "CWE-522", name: "Insufficiently Protected Credentials", }, discovery_date: "2018-10-10T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1643829", }, ], notes: [ { category: "description", text: "A credentials-exposure flaw was found in python-requests, where if a request with authentication is redirected (302) from an HTTPS endpoint to an HTTP endpoint on the same host, the Authorization header is not stripped and the credentials can be read in plain text. A man-in-the-middle attacker could exploit this flaw to obtain a user's valid credentials.", title: "Vulnerability description", }, { category: "summary", text: "python-requests: Redirect from HTTPS to HTTP does not remove Authorization header", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-18074", }, { category: "external", summary: "RHBZ#1643829", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1643829", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-18074", url: "https://www.cve.org/CVERecord?id=CVE-2018-18074", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-18074", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-18074", }, ], release_date: "2018-06-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 2.6, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "python-requests: Redirect from HTTPS to HTTP does not remove Authorization header", }, { cve: "CVE-2018-20060", cwe: { id: "CWE-522", name: "Insufficiently Protected Credentials", }, discovery_date: "2018-11-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1649153", }, ], notes: [ { category: "description", text: "urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext.", title: "Vulnerability description", }, { category: "summary", text: "python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6.2 is on Maintenance Support 2 phase, hence only selected critical and important issues will be fixed. Please refer to Red Hat Satellite Product Life Cycle page for more information.\n\nIn Red Hat OpenStack Platform 13, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP python-urllib3 package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-20060", }, { category: "external", summary: "RHBZ#1649153", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1649153", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-20060", url: "https://www.cve.org/CVERecord?id=CVE-2018-20060", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-20060", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-20060", }, ], release_date: "2018-03-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "Use `retries=urllib3.Retry(redirect=0)` when performing requests if you do not need redirection and handle the redirects manually if you need them.", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure", }, { cve: "CVE-2018-20852", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2019-07-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1740347", }, ], notes: [ { category: "description", text: "http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.", title: "Vulnerability description", }, { category: "summary", text: "python: Cookie domain check returns incorrect results", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the versions of python as shipped with Red Hat Enterprise Linux 5, 6, and 7. This issue affects the versions of python3 as shipped with Red Hat Enterprise Linux 7 and 8. This issue affects the versions of python2 and python36 as shipped with Red Hat Enterprise Linux 8.\n\nRed Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-20852", }, { category: "external", summary: "RHBZ#1740347", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1740347", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-20852", url: "https://www.cve.org/CVERecord?id=CVE-2018-20852", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-20852", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-20852", }, ], release_date: "2018-10-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "A potentially simple workaround in the absence of patch on affected versions is to set DomainStrict in the cookiepolicy that would make sure a literal match against domain. The disadvantage would be that cookie set on example.com would not be shared with subdomain which might break workflow.", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "python: Cookie domain check returns incorrect results", }, { acknowledgments: [ { names: [ "Ray Strode", ], organization: "The GNOME Project", }, { names: [ "Maxime Vellard", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2019-3820", cwe: { id: "CWE-285", name: "Improper Authorization", }, discovery_date: "2019-01-25T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1669391", }, ], notes: [ { category: "description", text: "A vulnerability was found where the gnome-shell lock screen, since version 3.15.91, does not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts and potentially other actions. This vulnerability was fixed in gnome-shell 3.31.5 and 3.30.3.", title: "Vulnerability description", }, { category: "summary", text: "gnome-shell: partial lock screen bypass", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-3820", }, { category: "external", summary: "RHBZ#1669391", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1669391", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-3820", url: "https://www.cve.org/CVERecord?id=CVE-2019-3820", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-3820", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-3820", }, { category: "external", summary: "https://gitlab.gnome.org/GNOME/gnome-shell/issues/851", url: "https://gitlab.gnome.org/GNOME/gnome-shell/issues/851", }, ], release_date: "2019-02-05T12:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "LOW", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "gnome-shell: partial lock screen bypass", }, { acknowledgments: [ { names: [ "the Curl project", ], }, { names: [ "l00p3r", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2019-5436", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2019-05-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1710620", }, ], notes: [ { category: "description", text: "A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.", title: "Vulnerability description", }, { category: "summary", text: "curl: TFTP receive heap buffer overflow in tftp_receive_packet() function", title: "Vulnerability summary", }, { category: "other", text: "This flaw exists if the user selects to use a \"blksize\" of 504 or smaller (default is 512). The smaller size that is used, the larger the possible overflow becomes.\nUsers choosing a smaller size than default should be rare as the primary use case for changing the size is to make it larger. It is rare for users to use TFTP across the Internet. It is most commonly used within local networks.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-5436", }, { category: "external", summary: "RHBZ#1710620", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1710620", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-5436", url: "https://www.cve.org/CVERecord?id=CVE-2019-5436", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-5436", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-5436", }, { category: "external", summary: "https://curl.haxx.se/docs/CVE-2019-5436.html", url: "https://curl.haxx.se/docs/CVE-2019-5436.html", }, ], release_date: "2019-05-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "curl: TFTP receive heap buffer overflow in tftp_receive_packet() function", }, { cve: "CVE-2019-9924", cwe: { id: "CWE-138", name: "Improper Neutralization of Special Elements", }, discovery_date: "2019-03-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1691774", }, ], notes: [ { category: "description", text: "rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.", title: "Vulnerability description", }, { category: "summary", text: "bash: BASH_CMD is writable in restricted bash shells", title: "Vulnerability summary", }, { category: "other", text: "Impact of the flaw set to Moderate as restricted shell shall not be used as a security feature alone, as it is very hard to configure it properly and several bypasses exist for it.\n\nThis issue did not affect the versions of bash as shipped with Red Hat Enterprise Linux 5 as they did not include support for BASH_CMDS environment variable.\n\nRed Hat Virtualization Hypervisor and Management Appliance were affected by this issue, but do not use the restricted bash shell in a way that would be exposed to attackers. Future updates may address this issue.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-9924", }, { category: "external", summary: "RHBZ#1691774", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1691774", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-9924", url: "https://www.cve.org/CVERecord?id=CVE-2019-9924", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-9924", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-9924", }, ], release_date: "2019-03-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "bash: BASH_CMD is writable in restricted bash shells", }, { cve: "CVE-2019-11236", cwe: { id: "CWE-113", name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", }, discovery_date: "2019-04-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1700824", }, ], notes: [ { category: "description", text: "In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.", title: "Vulnerability description", }, { category: "summary", text: "python-urllib3: CRLF injection due to not encoding the '\\r\\n' sequence leading to possible attack on internal service", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the version of python-urllib3 shipped with Red Hat Gluster Storage 3, as it is vulnerable to CRLF injection.\n\nRed Hat Satellite 6.2 is on Maintenance Support 2 phase, hence only selected critical and important issues will be fixed. Please refer to Red Hat Satellite Product Life Cycle page for more information.\n\nIn Red Hat OpenStack Platform 13, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP python-urllib3 package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-11236", }, { category: "external", summary: "RHBZ#1700824", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1700824", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-11236", url: "https://www.cve.org/CVERecord?id=CVE-2019-11236", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-11236", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-11236", }, ], release_date: "2019-03-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "python-urllib3: CRLF injection due to not encoding the '\\r\\n' sequence leading to possible attack on internal service", }, { cve: "CVE-2019-16056", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2019-09-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1749839", }, ], notes: [ { category: "description", text: "An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.", title: "Vulnerability description", }, { category: "summary", text: "python: email.utils.parseaddr wrongly parses email addresses", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-16056", }, { category: "external", summary: "RHBZ#1749839", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1749839", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-16056", url: "https://www.cve.org/CVERecord?id=CVE-2019-16056", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-16056", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-16056", }, ], release_date: "2018-07-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "python: email.utils.parseaddr wrongly parses email addresses", }, { cve: "CVE-2019-17041", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2019-10-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1766693", }, ], notes: [ { category: "description", text: "An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a heap overflow in the parser for AIX log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon) but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow.", title: "Vulnerability description", }, { category: "summary", text: "rsyslog: heap-based overflow in contrib/pmaixforwardedfrom/pmaixforwardedfrom.c", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-17041", }, { category: "external", summary: "RHBZ#1766693", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1766693", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-17041", url: "https://www.cve.org/CVERecord?id=CVE-2019-17041", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-17041", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-17041", }, ], release_date: "2019-09-30T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "rsyslog: heap-based overflow in contrib/pmaixforwardedfrom/pmaixforwardedfrom.c", }, { cve: "CVE-2019-17042", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2019-10-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1766700", }, ], notes: [ { category: "description", text: "An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon), but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow.", title: "Vulnerability description", }, { category: "summary", text: "rsyslog: heap-based overflow in contrib/pmcisconames/pmcisconames.c", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-17042", }, { category: "external", summary: "RHBZ#1766700", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1766700", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-17042", url: "https://www.cve.org/CVERecord?id=CVE-2019-17042", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-17042", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-17042", }, ], release_date: "2019-10-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "rsyslog: heap-based overflow in contrib/pmcisconames/pmcisconames.c", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1734", cwe: { id: "CWE-78", name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", }, discovery_date: "2019-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1801804", }, ], notes: [ { category: "description", text: "A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by overwriting the ansible facts.", title: "Vulnerability description", }, { category: "summary", text: "ansible: shell enabled by default in a pipe lookup plugin subprocess", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1734", }, { category: "external", summary: "RHBZ#1801804", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1801804", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1734", url: "https://www.cve.org/CVERecord?id=CVE-2020-1734", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1734", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1734", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "This issue can be avoided by escaping variables which are used in the lookup.", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ansible: shell enabled by default in a pipe lookup plugin subprocess", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1735", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802085", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node.", title: "Vulnerability description", }, { category: "summary", text: "ansible: path injection on dest parameter in fetch module", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1735", }, { category: "external", summary: "RHBZ#1802085", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802085", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1735", url: "https://www.cve.org/CVERecord?id=CVE-2020-1735", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1735", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1735", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except avoid using the affected fetch module when possible.", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.2, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ansible: path injection on dest parameter in fetch module", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1736", cwe: { id: "CWE-732", name: "Incorrect Permission Assignment for Critical Resource", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802124", }, ], notes: [ { category: "description", text: "A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions before the move. This issue affects only the newly created files and not existing ones. If the file already exists at the final destination, those permissions are retained. This could lead to the disclosure of sensitive data.", title: "Vulnerability description", }, { category: "summary", text: "ansible: atomic_move primitive sets permissive permissions", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.8.14 and 2.9.12 as well as previous versions and all 2.7.x versions are affected.\n\nAnsible Tower 3.6.5 and 3.7.2 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1736", }, { category: "external", summary: "RHBZ#1802124", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802124", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1736", url: "https://www.cve.org/CVERecord?id=CVE-2020-1736", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1736", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1736", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "This issue can be mitigated by specifying the \"mode\" on the task. That just leaves a race condition in place where newly created files that specify a mode in the task briefly go from 666 - umask to the final mode. An alternative workaround if many new files are created and to avoid setting a specific mode for each file would be to set the \"mode\" to \"preserve\" value. That will maintain the permissions of the source file on the controller in the final file on the managed host.", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 2.2, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: atomic_move primitive sets permissive permissions", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1737", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2020-02-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802154", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal.", title: "Vulnerability description", }, { category: "summary", text: "ansible: Extract-Zip function in win_unzip module does not check extracted path", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1737", }, { category: "external", summary: "RHBZ#1802154", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802154", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1737", url: "https://www.cve.org/CVERecord?id=CVE-2020-1737", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1737", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1737", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except avoid using the affected win_unzip module when possible.", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ansible: Extract-Zip function in win_unzip module does not check extracted path", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1738", cwe: { id: "CWE-88", name: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802164", }, ], notes: [ { category: "description", text: "A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file.", title: "Vulnerability description", }, { category: "summary", text: "ansible: module package can be selected by the ansible facts", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1738", }, { category: "external", summary: "RHBZ#1802164", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802164", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1738", url: "https://www.cve.org/CVERecord?id=CVE-2020-1738", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1738", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1738", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "Specify the parameter 'use' when possible on the package and service modules. Avoid using Ansible Collections on Ansible 2.8.9 or 2.7.16 (and any of the previous versions) as they are not rejecting python with no path (already fixed in 2.9.x).", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 3.9, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: module package can be selected by the ansible facts", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1739", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802178", }, ], notes: [ { category: "description", text: "A flaw was found in Ansible Engine. When a password is set with the argument \"password\" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs.", title: "Vulnerability description", }, { category: "summary", text: "ansible: svn module leaks password when specified as a parameter", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1739", }, { category: "external", summary: "RHBZ#1802178", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802178", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1739", url: "https://www.cve.org/CVERecord?id=CVE-2020-1739", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1739", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1739", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "Instead of using the parameter 'password' of the subversion module, provide the password with stdin.", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.9, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: svn module leaks password when specified as a parameter", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1740", cwe: { id: "CWE-377", name: "Insecure Temporary File", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802193", }, ], notes: [ { category: "description", text: "A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes \"ansible-vault edit\", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely.", title: "Vulnerability description", }, { category: "summary", text: "ansible: secrets readable after ansible-vault edit", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1740", }, { category: "external", summary: "RHBZ#1802193", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802193", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1740", url: "https://www.cve.org/CVERecord?id=CVE-2020-1740", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1740", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1740", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except avoid using the 'edit' option from 'ansible-vault' command line tool.", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.9, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: secrets readable after ansible-vault edit", }, { acknowledgments: [ { names: [ "Felix Fountein", ], }, ], cve: "CVE-2020-1746", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2019-12-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1805491", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine when the ldap_attr and ldap_entry community modules are used. The issue discloses the LDAP bind password to stdout or a log file if a playbook task is written using the bind_pw in the parameters field. The highest threat from this vulnerability is data confidentiality.", title: "Vulnerability description", }, { category: "summary", text: "ansible: Information disclosure issue in ldap_attr and ldap_entry modules", title: "Vulnerability summary", }, { category: "other", text: "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\n* Red Hat Gluster Storage and Red Hat Ceph Storage no longer maintains their own version of Ansible. The fix will be provided from core Ansible. But we still ship ansible separately for ceph ubuntu.\n\n* In Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1746", }, { category: "external", summary: "RHBZ#1805491", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1805491", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1746", url: "https://www.cve.org/CVERecord?id=CVE-2020-1746", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1746", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1746", }, ], release_date: "2020-02-28T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "Using args keyword and embedding the ldap_auth variable instead of using bind_pw parameter would mitigate this issue.", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: Information disclosure issue in ldap_attr and ldap_entry modules", }, { acknowledgments: [ { names: [ "Abhijeet Kasurde", ], organization: "Red Hat", summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2020-1753", cwe: { id: "CWE-532", name: "Insertion of Sensitive Information into Log File", }, discovery_date: "2020-03-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1811008", }, ], notes: [ { category: "description", text: "A security flaw was found in the Ansible Engine when managing Kubernetes using the k8s connection plugin. Sensitive parameters such as passwords and tokens are passed to the kubectl command line instead of using environment variables or an input configuration file, which is safer. This flaw discloses passwords and tokens from the process list, and the no_log directive from the debug module would not be reflected in the underlying command-line tools options, displaying passwords and tokens on stdout and log files.", title: "Vulnerability description", }, { category: "summary", text: "Ansible: kubectl connection plugin leaks sensitive information", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.17, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1753", }, { category: "external", summary: "RHBZ#1811008", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1811008", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1753", url: "https://www.cve.org/CVERecord?id=CVE-2020-1753", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1753", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1753", }, ], release_date: "2020-03-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "Currently, there is no mitigation for this issue.", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Ansible: kubectl connection plugin leaks sensitive information", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-10684", cwe: { id: "CWE-862", name: "Missing Authorization", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1815519", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine. When using ansible_facts as a subkey of itself, and promoting it to a variable when injecting is enabled, overwriting the ansible_facts after the clean, an attacker could take advantage of this by altering the ansible_facts leading to privilege escalation or code injection. The highest threat from this vulnerability are to data integrity and system availability.", title: "Vulnerability description", }, { category: "summary", text: "Ansible: code injection when using ansible_facts as a subkey", title: "Vulnerability summary", }, { category: "other", text: "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n* Red Hat Gluster Storage and Red Hat Ceph Storage no longer maintains their own version of Ansible. The fix will be consumed from core Ansible. But we still ship ansible separately for ceph ubuntu.\n* Red Hat OpenStack Platform does package the affected code. However, because RHOSP does not use ansible_facts as a subkey directly, the RHOSP impact has been reduced to Moderate and no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-10684", }, { category: "external", summary: "RHBZ#1815519", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1815519", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-10684", url: "https://www.cve.org/CVERecord?id=CVE-2020-10684", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-10684", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-10684", }, ], release_date: "2020-03-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "Currently, there is not a known mitigation except avoiding the functionality of using ansible_facts as a subkey.", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.9, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "Ansible: code injection when using ansible_facts as a subkey", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-10685", cwe: { id: "CWE-459", name: "Incomplete Cleanup", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1814627", }, ], notes: [ { category: "description", text: "A flaw was found on Ansible Engine when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory is created in /tmp leaves the secrets unencrypted.\r\n\r\nOn Operating Systems which /tmp is not a tmpfs but part of the root partition, the directory is only cleared on boot and the decrypted data remains when the host is switched off. The system will be vulnerable when the system is not running. So decrypted data must be cleared as soon as possible and the data which normally is encrypted is sensible.", title: "Vulnerability description", }, { category: "summary", text: "Ansible: modules which use files encrypted with vault are not properly cleaned up", title: "Vulnerability summary", }, { category: "other", text: "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\n* In Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-10685", }, { category: "external", summary: "RHBZ#1814627", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1814627", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-10685", url: "https://www.cve.org/CVERecord?id=CVE-2020-10685", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-10685", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-10685", }, ], release_date: "2020-03-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except by removing manually the temporary created file after every run.", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Ansible: modules which use files encrypted with vault are not properly cleaned up", }, ], }
rhba-2020:1539
Vulnerability from csaf_redhat
Published
2020-04-22 13:24
Modified
2025-03-15 20:39
Summary
Red Hat Bug Fix Advisory: Red Hat Ansible Tower 3.5.6-1 - RHEL7 Container
Notes
Topic
Red Hat Ansible Tower 3.5.6-1 - RHEL7 Container
Details
* Fixed Tower to allow users to subscribe to playbook output in organizations they do not have RBAC access to via Towers websocket interface (CVE-2020-10698)
* Fixed OAuth2 refresh tokens to properly respect custom expiration settings (CVE-2020-10709)
* Improved memcached in OpenShift deployments to listen on a more secure domain socket (CVE-2020-10697)
* Updated the Twisted library to address CVE-2020-10108 and CVE-2020-10109
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Critical", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat Ansible Tower 3.5.6-1 - RHEL7 Container", title: "Topic", }, { category: "general", text: "* Fixed Tower to allow users to subscribe to playbook output in organizations they do not have RBAC access to via Towers websocket interface (CVE-2020-10698)\n* Fixed OAuth2 refresh tokens to properly respect custom expiration settings (CVE-2020-10709)\n* Improved memcached in OpenShift deployments to listen on a more secure domain socket (CVE-2020-10697)\n* Updated the Twisted library to address CVE-2020-10108 and CVE-2020-10109", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHBA-2020:1539", url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhba-2020_1539.json", }, ], title: "Red Hat Bug Fix Advisory: Red Hat Ansible Tower 3.5.6-1 - RHEL7 Container", tracking: { current_release_date: "2025-03-15T20:39:09+00:00", generator: { date: "2025-03-15T20:39:09+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHBA-2020:1539", initial_release_date: "2020-04-22T13:24:05+00:00", revision_history: [ { date: "2020-04-22T13:24:05+00:00", number: "1", summary: "Initial version", }, { date: "2020-04-22T13:24:05+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-15T20:39:09+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Ansible Tower 3.5 for RHEL 7 Server", product: { name: "Red Hat Ansible Tower 3.5 for RHEL 7 Server", product_id: "7Server-Ansible-Tower-3.5", product_identification_helper: { cpe: "cpe:/a:redhat:ansible_tower:3.5::el7", }, }, }, ], category: "product_family", name: "Red Hat Ansible Tower", }, { branches: [ { category: "product_version", name: "ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", product: { name: "ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", product_id: "ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", product_identification_helper: { purl: "pkg:oci/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463?arch=amd64&repository_url=registry.redhat.io/ansible-tower-35/ansible-tower&tag=3.5.6-1", }, }, }, ], category: "architecture", name: "amd64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64 as a component of Red Hat Ansible Tower 3.5 for RHEL 7 Server", product_id: "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", }, product_reference: "ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", relates_to_product_reference: "7Server-Ansible-Tower-3.5", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Mozilla project", ], }, { names: [ "Ucha Gobejishvili", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2015-2716", discovery_date: "2015-05-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1220607", }, ], notes: [ { category: "description", text: "Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283.", title: "Vulnerability description", }, { category: "summary", text: "expat: Integer overflow leading to buffer overflow in XML_GetBuffer()", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the version of expat package as shipped with Red Hat Enterprise Linux 5, 6 and 7. Red Hat Product Security has rated this issue as having Moderate security impact, a future update may address this flaw.\n\nRed Hat Enterprise Linux 5 is now in Extended Life Cycle phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-2716", }, { category: "external", summary: "RHBZ#1220607", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1220607", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-2716", url: "https://www.cve.org/CVERecord?id=CVE-2015-2716", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-2716", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-2716", }, { category: "external", summary: "http://www.mozilla.org/security/announce/2015/mfsa2015-54.html", url: "http://www.mozilla.org/security/announce/2015/mfsa2015-54.html", }, ], release_date: "2015-05-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Critical", }, ], title: "expat: Integer overflow leading to buffer overflow in XML_GetBuffer()", }, { cve: "CVE-2015-8035", cwe: { id: "CWE-252", name: "Unchecked Return Value", }, discovery_date: "2015-11-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1277146", }, ], notes: [ { category: "description", text: "A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: DoS caused by incorrect error detection during XZ decompression", title: "Vulnerability summary", }, { category: "other", text: "This issue did not affect the versions of libxml2 as shipped with Red Hat Enterprise Linux 5 and 6 as they did not include support for LZMA compression support.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-8035", }, { category: "external", summary: "RHBZ#1277146", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1277146", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-8035", url: "https://www.cve.org/CVERecord?id=CVE-2015-8035", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-8035", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-8035", }, ], release_date: "2015-11-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: DoS caused by incorrect error detection during XZ decompression", }, { cve: "CVE-2016-5131", discovery_date: "2016-07-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1358641", }, ], notes: [ { category: "description", text: "Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Use after free triggered by XPointer paths beginning with range-to", title: "Vulnerability summary", }, { category: "other", text: "This flaw in libxml2 requires exposing the library to XPath/XPointer expressions from an untrusted source, which is not common in practice for applications using libxml2. For libxml2, Red Hat Product Security has rated this vulnerability as Moderate severity.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-5131", }, { category: "external", summary: "RHBZ#1358641", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1358641", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-5131", url: "https://www.cve.org/CVERecord?id=CVE-2016-5131", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-5131", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-5131", }, { category: "external", summary: "https://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html", url: "https://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html", }, ], release_date: "2016-07-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "libxml2: Use after free triggered by XPointer paths beginning with range-to", }, { cve: "CVE-2017-15412", discovery_date: "2017-12-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1523128", }, ], notes: [ { category: "description", text: "A use-after-free flaw was found in the libxml2 library. An attacker could use this flaw to cause an application linked against libxml2 to crash when parsing a specially crafted XML file.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-15412", }, { category: "external", summary: "RHBZ#1523128", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1523128", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-15412", url: "https://www.cve.org/CVERecord?id=CVE-2017-15412", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-15412", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-15412", }, { category: "external", summary: "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html", url: "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html", }, ], release_date: "2017-12-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c", }, { cve: "CVE-2017-18258", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2018-04-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1566749", }, ], notes: [ { category: "description", text: "The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Unrestricted memory usage in xz_head() function in xzlib.c", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-18258", }, { category: "external", summary: "RHBZ#1566749", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1566749", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-18258", url: "https://www.cve.org/CVERecord?id=CVE-2017-18258", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-18258", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-18258", }, ], release_date: "2017-09-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "libxml2: Unrestricted memory usage in xz_head() function in xzlib.c", }, { cve: "CVE-2018-10360", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2018-06-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1590000", }, ], notes: [ { category: "description", text: "The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.", title: "Vulnerability description", }, { category: "summary", text: "file: out-of-bounds read via a crafted ELF file", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-10360", }, { category: "external", summary: "RHBZ#1590000", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1590000", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-10360", url: "https://www.cve.org/CVERecord?id=CVE-2018-10360", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-10360", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-10360", }, ], release_date: "2018-06-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "LOW", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "file: out-of-bounds read via a crafted ELF file", }, { cve: "CVE-2018-14404", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, discovery_date: "2018-06-28T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1595985", }, ], notes: [ { category: "description", text: "A null pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 when parsing invalid XPath expression. Applications processing untrusted XSL format inputs with the use of libxml2 library may be vulnerable to denial of service attack due to crash of the application.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the versions of libxml2 as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nThis issue affects the versions of libxml2 as shipped with Red Hat Enterprise Linux 6. Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nThis issue affects the versions of libxml2 as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having a security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14404", }, { category: "external", summary: "RHBZ#1595985", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1595985", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14404", url: "https://www.cve.org/CVERecord?id=CVE-2018-14404", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14404", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14404", }, ], release_date: "2018-06-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c", }, { cve: "CVE-2018-14567", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2018-08-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1619875", }, ], notes: [ { category: "description", text: "libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Infinite loop caused by incorrect error detection during LZMA decompression", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Product Security has rated this flaw as having Low impact. A future update may address this issue.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14567", }, { category: "external", summary: "RHBZ#1619875", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1619875", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14567", url: "https://www.cve.org/CVERecord?id=CVE-2018-14567", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14567", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14567", }, ], release_date: "2018-04-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "libxml2: Infinite loop caused by incorrect error detection during LZMA decompression", }, { cve: "CVE-2018-18074", cwe: { id: "CWE-522", name: "Insufficiently Protected Credentials", }, discovery_date: "2018-10-10T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1643829", }, ], notes: [ { category: "description", text: "A credentials-exposure flaw was found in python-requests, where if a request with authentication is redirected (302) from an HTTPS endpoint to an HTTP endpoint on the same host, the Authorization header is not stripped and the credentials can be read in plain text. A man-in-the-middle attacker could exploit this flaw to obtain a user's valid credentials.", title: "Vulnerability description", }, { category: "summary", text: "python-requests: Redirect from HTTPS to HTTP does not remove Authorization header", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-18074", }, { category: "external", summary: "RHBZ#1643829", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1643829", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-18074", url: "https://www.cve.org/CVERecord?id=CVE-2018-18074", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-18074", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-18074", }, ], release_date: "2018-06-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 2.6, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "python-requests: Redirect from HTTPS to HTTP does not remove Authorization header", }, { cve: "CVE-2018-20060", cwe: { id: "CWE-522", name: "Insufficiently Protected Credentials", }, discovery_date: "2018-11-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1649153", }, ], notes: [ { category: "description", text: "urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext.", title: "Vulnerability description", }, { category: "summary", text: "python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6.2 is on Maintenance Support 2 phase, hence only selected critical and important issues will be fixed. Please refer to Red Hat Satellite Product Life Cycle page for more information.\n\nIn Red Hat OpenStack Platform 13, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP python-urllib3 package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-20060", }, { category: "external", summary: "RHBZ#1649153", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1649153", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-20060", url: "https://www.cve.org/CVERecord?id=CVE-2018-20060", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-20060", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-20060", }, ], release_date: "2018-03-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "Use `retries=urllib3.Retry(redirect=0)` when performing requests if you do not need redirection and handle the redirects manually if you need them.", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure", }, { cve: "CVE-2018-20852", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2019-07-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1740347", }, ], notes: [ { category: "description", text: "http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.", title: "Vulnerability description", }, { category: "summary", text: "python: Cookie domain check returns incorrect results", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the versions of python as shipped with Red Hat Enterprise Linux 5, 6, and 7. This issue affects the versions of python3 as shipped with Red Hat Enterprise Linux 7 and 8. This issue affects the versions of python2 and python36 as shipped with Red Hat Enterprise Linux 8.\n\nRed Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-20852", }, { category: "external", summary: "RHBZ#1740347", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1740347", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-20852", url: "https://www.cve.org/CVERecord?id=CVE-2018-20852", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-20852", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-20852", }, ], release_date: "2018-10-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "A potentially simple workaround in the absence of patch on affected versions is to set DomainStrict in the cookiepolicy that would make sure a literal match against domain. The disadvantage would be that cookie set on example.com would not be shared with subdomain which might break workflow.", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "python: Cookie domain check returns incorrect results", }, { acknowledgments: [ { names: [ "Ray Strode", ], organization: "The GNOME Project", }, { names: [ "Maxime Vellard", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2019-3820", cwe: { id: "CWE-285", name: "Improper Authorization", }, discovery_date: "2019-01-25T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1669391", }, ], notes: [ { category: "description", text: "A vulnerability was found where the gnome-shell lock screen, since version 3.15.91, does not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts and potentially other actions. This vulnerability was fixed in gnome-shell 3.31.5 and 3.30.3.", title: "Vulnerability description", }, { category: "summary", text: "gnome-shell: partial lock screen bypass", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-3820", }, { category: "external", summary: "RHBZ#1669391", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1669391", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-3820", url: "https://www.cve.org/CVERecord?id=CVE-2019-3820", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-3820", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-3820", }, { category: "external", summary: "https://gitlab.gnome.org/GNOME/gnome-shell/issues/851", url: "https://gitlab.gnome.org/GNOME/gnome-shell/issues/851", }, ], release_date: "2019-02-05T12:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "LOW", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "gnome-shell: partial lock screen bypass", }, { acknowledgments: [ { names: [ "the Curl project", ], }, { names: [ "l00p3r", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2019-5436", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2019-05-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1710620", }, ], notes: [ { category: "description", text: "A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.", title: "Vulnerability description", }, { category: "summary", text: "curl: TFTP receive heap buffer overflow in tftp_receive_packet() function", title: "Vulnerability summary", }, { category: "other", text: "This flaw exists if the user selects to use a \"blksize\" of 504 or smaller (default is 512). The smaller size that is used, the larger the possible overflow becomes.\nUsers choosing a smaller size than default should be rare as the primary use case for changing the size is to make it larger. It is rare for users to use TFTP across the Internet. It is most commonly used within local networks.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-5436", }, { category: "external", summary: "RHBZ#1710620", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1710620", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-5436", url: "https://www.cve.org/CVERecord?id=CVE-2019-5436", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-5436", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-5436", }, { category: "external", summary: "https://curl.haxx.se/docs/CVE-2019-5436.html", url: "https://curl.haxx.se/docs/CVE-2019-5436.html", }, ], release_date: "2019-05-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "curl: TFTP receive heap buffer overflow in tftp_receive_packet() function", }, { cve: "CVE-2019-9924", cwe: { id: "CWE-138", name: "Improper Neutralization of Special Elements", }, discovery_date: "2019-03-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1691774", }, ], notes: [ { category: "description", text: "rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.", title: "Vulnerability description", }, { category: "summary", text: "bash: BASH_CMD is writable in restricted bash shells", title: "Vulnerability summary", }, { category: "other", text: "Impact of the flaw set to Moderate as restricted shell shall not be used as a security feature alone, as it is very hard to configure it properly and several bypasses exist for it.\n\nThis issue did not affect the versions of bash as shipped with Red Hat Enterprise Linux 5 as they did not include support for BASH_CMDS environment variable.\n\nRed Hat Virtualization Hypervisor and Management Appliance were affected by this issue, but do not use the restricted bash shell in a way that would be exposed to attackers. Future updates may address this issue.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-9924", }, { category: "external", summary: "RHBZ#1691774", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1691774", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-9924", url: "https://www.cve.org/CVERecord?id=CVE-2019-9924", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-9924", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-9924", }, ], release_date: "2019-03-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "bash: BASH_CMD is writable in restricted bash shells", }, { cve: "CVE-2019-11236", cwe: { id: "CWE-113", name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", }, discovery_date: "2019-04-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1700824", }, ], notes: [ { category: "description", text: "In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.", title: "Vulnerability description", }, { category: "summary", text: "python-urllib3: CRLF injection due to not encoding the '\\r\\n' sequence leading to possible attack on internal service", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the version of python-urllib3 shipped with Red Hat Gluster Storage 3, as it is vulnerable to CRLF injection.\n\nRed Hat Satellite 6.2 is on Maintenance Support 2 phase, hence only selected critical and important issues will be fixed. Please refer to Red Hat Satellite Product Life Cycle page for more information.\n\nIn Red Hat OpenStack Platform 13, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP python-urllib3 package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-11236", }, { category: "external", summary: "RHBZ#1700824", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1700824", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-11236", url: "https://www.cve.org/CVERecord?id=CVE-2019-11236", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-11236", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-11236", }, ], release_date: "2019-03-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "python-urllib3: CRLF injection due to not encoding the '\\r\\n' sequence leading to possible attack on internal service", }, { cve: "CVE-2019-16056", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2019-09-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1749839", }, ], notes: [ { category: "description", text: "An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.", title: "Vulnerability description", }, { category: "summary", text: "python: email.utils.parseaddr wrongly parses email addresses", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-16056", }, { category: "external", summary: "RHBZ#1749839", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1749839", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-16056", url: "https://www.cve.org/CVERecord?id=CVE-2019-16056", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-16056", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-16056", }, ], release_date: "2018-07-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "python: email.utils.parseaddr wrongly parses email addresses", }, { cve: "CVE-2019-17041", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2019-10-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1766693", }, ], notes: [ { category: "description", text: "An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a heap overflow in the parser for AIX log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon) but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow.", title: "Vulnerability description", }, { category: "summary", text: "rsyslog: heap-based overflow in contrib/pmaixforwardedfrom/pmaixforwardedfrom.c", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-17041", }, { category: "external", summary: "RHBZ#1766693", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1766693", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-17041", url: "https://www.cve.org/CVERecord?id=CVE-2019-17041", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-17041", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-17041", }, ], release_date: "2019-09-30T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "rsyslog: heap-based overflow in contrib/pmaixforwardedfrom/pmaixforwardedfrom.c", }, { cve: "CVE-2019-17042", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2019-10-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1766700", }, ], notes: [ { category: "description", text: "An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon), but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow.", title: "Vulnerability description", }, { category: "summary", text: "rsyslog: heap-based overflow in contrib/pmcisconames/pmcisconames.c", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-17042", }, { category: "external", summary: "RHBZ#1766700", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1766700", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-17042", url: "https://www.cve.org/CVERecord?id=CVE-2019-17042", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-17042", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-17042", }, ], release_date: "2019-10-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "rsyslog: heap-based overflow in contrib/pmcisconames/pmcisconames.c", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1734", cwe: { id: "CWE-78", name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", }, discovery_date: "2019-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1801804", }, ], notes: [ { category: "description", text: "A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by overwriting the ansible facts.", title: "Vulnerability description", }, { category: "summary", text: "ansible: shell enabled by default in a pipe lookup plugin subprocess", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1734", }, { category: "external", summary: "RHBZ#1801804", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1801804", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1734", url: "https://www.cve.org/CVERecord?id=CVE-2020-1734", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1734", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1734", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "This issue can be avoided by escaping variables which are used in the lookup.", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ansible: shell enabled by default in a pipe lookup plugin subprocess", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1735", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802085", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node.", title: "Vulnerability description", }, { category: "summary", text: "ansible: path injection on dest parameter in fetch module", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1735", }, { category: "external", summary: "RHBZ#1802085", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802085", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1735", url: "https://www.cve.org/CVERecord?id=CVE-2020-1735", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1735", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1735", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except avoid using the affected fetch module when possible.", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.2, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ansible: path injection on dest parameter in fetch module", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1736", cwe: { id: "CWE-732", name: "Incorrect Permission Assignment for Critical Resource", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802124", }, ], notes: [ { category: "description", text: "A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions before the move. This issue affects only the newly created files and not existing ones. If the file already exists at the final destination, those permissions are retained. This could lead to the disclosure of sensitive data.", title: "Vulnerability description", }, { category: "summary", text: "ansible: atomic_move primitive sets permissive permissions", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.8.14 and 2.9.12 as well as previous versions and all 2.7.x versions are affected.\n\nAnsible Tower 3.6.5 and 3.7.2 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1736", }, { category: "external", summary: "RHBZ#1802124", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802124", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1736", url: "https://www.cve.org/CVERecord?id=CVE-2020-1736", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1736", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1736", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "This issue can be mitigated by specifying the \"mode\" on the task. That just leaves a race condition in place where newly created files that specify a mode in the task briefly go from 666 - umask to the final mode. An alternative workaround if many new files are created and to avoid setting a specific mode for each file would be to set the \"mode\" to \"preserve\" value. That will maintain the permissions of the source file on the controller in the final file on the managed host.", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 2.2, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: atomic_move primitive sets permissive permissions", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1737", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2020-02-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802154", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal.", title: "Vulnerability description", }, { category: "summary", text: "ansible: Extract-Zip function in win_unzip module does not check extracted path", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1737", }, { category: "external", summary: "RHBZ#1802154", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802154", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1737", url: "https://www.cve.org/CVERecord?id=CVE-2020-1737", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1737", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1737", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except avoid using the affected win_unzip module when possible.", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ansible: Extract-Zip function in win_unzip module does not check extracted path", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1738", cwe: { id: "CWE-88", name: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802164", }, ], notes: [ { category: "description", text: "A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file.", title: "Vulnerability description", }, { category: "summary", text: "ansible: module package can be selected by the ansible facts", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1738", }, { category: "external", summary: "RHBZ#1802164", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802164", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1738", url: "https://www.cve.org/CVERecord?id=CVE-2020-1738", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1738", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1738", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "Specify the parameter 'use' when possible on the package and service modules. Avoid using Ansible Collections on Ansible 2.8.9 or 2.7.16 (and any of the previous versions) as they are not rejecting python with no path (already fixed in 2.9.x).", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 3.9, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: module package can be selected by the ansible facts", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1739", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802178", }, ], notes: [ { category: "description", text: "A flaw was found in Ansible Engine. When a password is set with the argument \"password\" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs.", title: "Vulnerability description", }, { category: "summary", text: "ansible: svn module leaks password when specified as a parameter", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1739", }, { category: "external", summary: "RHBZ#1802178", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802178", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1739", url: "https://www.cve.org/CVERecord?id=CVE-2020-1739", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1739", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1739", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "Instead of using the parameter 'password' of the subversion module, provide the password with stdin.", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.9, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: svn module leaks password when specified as a parameter", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1740", cwe: { id: "CWE-377", name: "Insecure Temporary File", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802193", }, ], notes: [ { category: "description", text: "A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes \"ansible-vault edit\", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely.", title: "Vulnerability description", }, { category: "summary", text: "ansible: secrets readable after ansible-vault edit", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1740", }, { category: "external", summary: "RHBZ#1802193", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802193", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1740", url: "https://www.cve.org/CVERecord?id=CVE-2020-1740", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1740", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1740", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except avoid using the 'edit' option from 'ansible-vault' command line tool.", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.9, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: secrets readable after ansible-vault edit", }, { acknowledgments: [ { names: [ "Felix Fountein", ], }, ], cve: "CVE-2020-1746", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2019-12-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1805491", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine when the ldap_attr and ldap_entry community modules are used. The issue discloses the LDAP bind password to stdout or a log file if a playbook task is written using the bind_pw in the parameters field. The highest threat from this vulnerability is data confidentiality.", title: "Vulnerability description", }, { category: "summary", text: "ansible: Information disclosure issue in ldap_attr and ldap_entry modules", title: "Vulnerability summary", }, { category: "other", text: "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\n* Red Hat Gluster Storage and Red Hat Ceph Storage no longer maintains their own version of Ansible. The fix will be provided from core Ansible. But we still ship ansible separately for ceph ubuntu.\n\n* In Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1746", }, { category: "external", summary: "RHBZ#1805491", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1805491", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1746", url: "https://www.cve.org/CVERecord?id=CVE-2020-1746", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1746", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1746", }, ], release_date: "2020-02-28T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "Using args keyword and embedding the ldap_auth variable instead of using bind_pw parameter would mitigate this issue.", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: Information disclosure issue in ldap_attr and ldap_entry modules", }, { acknowledgments: [ { names: [ "Abhijeet Kasurde", ], organization: "Red Hat", summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2020-1753", cwe: { id: "CWE-532", name: "Insertion of Sensitive Information into Log File", }, discovery_date: "2020-03-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1811008", }, ], notes: [ { category: "description", text: "A security flaw was found in the Ansible Engine when managing Kubernetes using the k8s connection plugin. Sensitive parameters such as passwords and tokens are passed to the kubectl command line instead of using environment variables or an input configuration file, which is safer. This flaw discloses passwords and tokens from the process list, and the no_log directive from the debug module would not be reflected in the underlying command-line tools options, displaying passwords and tokens on stdout and log files.", title: "Vulnerability description", }, { category: "summary", text: "Ansible: kubectl connection plugin leaks sensitive information", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.17, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1753", }, { category: "external", summary: "RHBZ#1811008", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1811008", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1753", url: "https://www.cve.org/CVERecord?id=CVE-2020-1753", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1753", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1753", }, ], release_date: "2020-03-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "Currently, there is no mitigation for this issue.", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Ansible: kubectl connection plugin leaks sensitive information", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-10684", cwe: { id: "CWE-862", name: "Missing Authorization", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1815519", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine. When using ansible_facts as a subkey of itself, and promoting it to a variable when injecting is enabled, overwriting the ansible_facts after the clean, an attacker could take advantage of this by altering the ansible_facts leading to privilege escalation or code injection. The highest threat from this vulnerability are to data integrity and system availability.", title: "Vulnerability description", }, { category: "summary", text: "Ansible: code injection when using ansible_facts as a subkey", title: "Vulnerability summary", }, { category: "other", text: "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n* Red Hat Gluster Storage and Red Hat Ceph Storage no longer maintains their own version of Ansible. The fix will be consumed from core Ansible. But we still ship ansible separately for ceph ubuntu.\n* Red Hat OpenStack Platform does package the affected code. However, because RHOSP does not use ansible_facts as a subkey directly, the RHOSP impact has been reduced to Moderate and no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-10684", }, { category: "external", summary: "RHBZ#1815519", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1815519", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-10684", url: "https://www.cve.org/CVERecord?id=CVE-2020-10684", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-10684", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-10684", }, ], release_date: "2020-03-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "Currently, there is not a known mitigation except avoiding the functionality of using ansible_facts as a subkey.", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.9, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "Ansible: code injection when using ansible_facts as a subkey", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-10685", cwe: { id: "CWE-459", name: "Incomplete Cleanup", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1814627", }, ], notes: [ { category: "description", text: "A flaw was found on Ansible Engine when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory is created in /tmp leaves the secrets unencrypted.\r\n\r\nOn Operating Systems which /tmp is not a tmpfs but part of the root partition, the directory is only cleared on boot and the decrypted data remains when the host is switched off. The system will be vulnerable when the system is not running. So decrypted data must be cleared as soon as possible and the data which normally is encrypted is sensible.", title: "Vulnerability description", }, { category: "summary", text: "Ansible: modules which use files encrypted with vault are not properly cleaned up", title: "Vulnerability summary", }, { category: "other", text: "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\n* In Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-10685", }, { category: "external", summary: "RHBZ#1814627", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1814627", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-10685", url: "https://www.cve.org/CVERecord?id=CVE-2020-10685", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-10685", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-10685", }, ], release_date: "2020-03-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except by removing manually the temporary created file after every run.", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Ansible: modules which use files encrypted with vault are not properly cleaned up", }, ], }
rhsa-2020_1542
Vulnerability from csaf_redhat
Published
2020-04-22 14:10
Modified
2024-11-22 14:31
Summary
Red Hat Security Advisory: Ansible security and bug fix update (2.9.7)
Notes
Topic
An update for ansible is now available for Ansible Engine 2
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details
Ansible is a simple model-driven configuration management, multi-node
deployment, and remote-task execution system. Ansible works over SSH and
does not require any software or daemons to be installed on remote nodes.
Extension modules can be written in any language and are transferred to
managed machines automatically.
The following packages have been upgraded to a newer upstream version:
ansible (2.9.7)
Bug Fix(es):
* CVE-2020-10684 Ansible: code injection when using ansible_facts as a
subkey
* CVE-2020-10685 Ansible: modules which use files encrypted with vault are
not properly cleaned up
* CVE-2020-10691 Ansible: archive traversal vulnerability in ansible-galaxy
collection install
* CVE-2020-1733 ansible: insecure temporary directory when running
become_user from become directive
* CVE-2020-1735 ansible: path injection on dest parameter in fetch module
* CVE-2020-1737 ansible: Extract-Zip function in win_unzip module does not
check extracted path
* CVE-2020-1739 ansible: svn module leaks password when specified as a
parameter
* CVE-2020-1740 ansible: secrets readable after ansible-vault edit
* CVE-2020-1746 ansible: Information disclosure issue in ldap_attr and
ldap_entry modules
* CVE-2020-1753 Ansible: kubectl connection plugin leaks sensitive
information
See:
https://github.com/ansible/ansible/blob/v2.9.7/changelogs/CHANGELOG-v2.9.rst
for details on bug fixes in this release.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for ansible is now available for Ansible Engine 2\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Ansible is a simple model-driven configuration management, multi-node\ndeployment, and remote-task execution system. Ansible works over SSH and\ndoes not require any software or daemons to be installed on remote nodes.\nExtension modules can be written in any language and are transferred to\nmanaged machines automatically.\n\nThe following packages have been upgraded to a newer upstream version:\nansible (2.9.7)\n\nBug Fix(es):\n* CVE-2020-10684 Ansible: code injection when using ansible_facts as a\nsubkey\n* CVE-2020-10685 Ansible: modules which use files encrypted with vault are\nnot properly cleaned up\n* CVE-2020-10691 Ansible: archive traversal vulnerability in ansible-galaxy\ncollection install\n* CVE-2020-1733 ansible: insecure temporary directory when running\nbecome_user from become directive\n* CVE-2020-1735 ansible: path injection on dest parameter in fetch module\n* CVE-2020-1737 ansible: Extract-Zip function in win_unzip module does not\ncheck extracted path\n* CVE-2020-1739 ansible: svn module leaks password when specified as a\nparameter\n* CVE-2020-1740 ansible: secrets readable after ansible-vault edit\n* CVE-2020-1746 ansible: Information disclosure issue in ldap_attr and\nldap_entry modules\n* CVE-2020-1753 Ansible: kubectl connection plugin leaks sensitive\ninformation\n\nSee:\nhttps://github.com/ansible/ansible/blob/v2.9.7/changelogs/CHANGELOG-v2.9.rst\nfor details on bug fixes in this release.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2020:1542", url: "https://access.redhat.com/errata/RHSA-2020:1542", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "1801735", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1801735", }, { category: "external", summary: "1802085", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802085", }, { category: "external", summary: "1802154", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802154", }, { category: "external", summary: "1802178", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802178", }, { category: "external", summary: "1802193", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802193", }, { category: "external", summary: "1805491", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1805491", }, { category: "external", summary: "1811008", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1811008", }, { category: "external", summary: "1814627", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1814627", }, { category: "external", summary: "1815519", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1815519", }, { category: "external", summary: "1817161", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1817161", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_1542.json", }, ], title: "Red Hat Security Advisory: Ansible security and bug fix update (2.9.7)", tracking: { current_release_date: "2024-11-22T14:31:34+00:00", generator: { date: "2024-11-22T14:31:34+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2020:1542", initial_release_date: "2020-04-22T14:10:54+00:00", revision_history: [ { date: "2020-04-22T14:10:54+00:00", number: "1", summary: "Initial version", }, { date: "2020-04-22T14:10:54+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T14:31:34+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Ansible Engine 2 for RHEL 7", product: { name: "Red Hat Ansible Engine 2 for RHEL 7", product_id: "7Server-Ansible-2", product_identification_helper: { cpe: "cpe:/a:redhat:ansible_engine:2::el7", }, }, }, { category: "product_name", name: "Red Hat Ansible Engine 2 for RHEL 8", product: { name: "Red Hat Ansible Engine 2 for RHEL 8", product_id: "8Base-Ansible-2", product_identification_helper: { cpe: "cpe:/a:redhat:ansible_engine:2::el8", }, }, }, ], category: "product_family", name: "Red Hat Ansible Engine", }, { branches: [ { category: "product_version", name: "ansible-0:2.9.7-1.el7ae.noarch", product: { name: "ansible-0:2.9.7-1.el7ae.noarch", product_id: "ansible-0:2.9.7-1.el7ae.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/ansible@2.9.7-1.el7ae?arch=noarch", }, }, }, { category: "product_version", name: "ansible-test-0:2.9.7-1.el7ae.noarch", product: { name: "ansible-test-0:2.9.7-1.el7ae.noarch", product_id: "ansible-test-0:2.9.7-1.el7ae.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/ansible-test@2.9.7-1.el7ae?arch=noarch", }, }, }, { category: "product_version", name: "ansible-0:2.9.7-1.el8ae.noarch", product: { name: "ansible-0:2.9.7-1.el8ae.noarch", product_id: "ansible-0:2.9.7-1.el8ae.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/ansible@2.9.7-1.el8ae?arch=noarch", }, }, }, { category: "product_version", name: "ansible-test-0:2.9.7-1.el8ae.noarch", product: { name: "ansible-test-0:2.9.7-1.el8ae.noarch", product_id: "ansible-test-0:2.9.7-1.el8ae.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/ansible-test@2.9.7-1.el8ae?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "ansible-0:2.9.7-1.el7ae.src", product: { name: "ansible-0:2.9.7-1.el7ae.src", product_id: "ansible-0:2.9.7-1.el7ae.src", product_identification_helper: { purl: "pkg:rpm/redhat/ansible@2.9.7-1.el7ae?arch=src", }, }, }, { category: "product_version", name: "ansible-0:2.9.7-1.el8ae.src", product: { name: "ansible-0:2.9.7-1.el8ae.src", product_id: "ansible-0:2.9.7-1.el8ae.src", product_identification_helper: { purl: "pkg:rpm/redhat/ansible@2.9.7-1.el8ae?arch=src", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ansible-0:2.9.7-1.el7ae.noarch as a component of Red Hat Ansible Engine 2 for RHEL 7", product_id: "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", }, product_reference: "ansible-0:2.9.7-1.el7ae.noarch", relates_to_product_reference: "7Server-Ansible-2", }, { category: "default_component_of", full_product_name: { name: "ansible-0:2.9.7-1.el7ae.src as a component of Red Hat Ansible Engine 2 for RHEL 7", product_id: "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", }, product_reference: "ansible-0:2.9.7-1.el7ae.src", relates_to_product_reference: "7Server-Ansible-2", }, { category: "default_component_of", full_product_name: { name: "ansible-test-0:2.9.7-1.el7ae.noarch as a component of Red Hat Ansible Engine 2 for RHEL 7", product_id: "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", }, product_reference: "ansible-test-0:2.9.7-1.el7ae.noarch", relates_to_product_reference: "7Server-Ansible-2", }, { category: "default_component_of", full_product_name: { name: "ansible-0:2.9.7-1.el8ae.noarch as a component of Red Hat Ansible Engine 2 for RHEL 8", product_id: "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", }, product_reference: "ansible-0:2.9.7-1.el8ae.noarch", relates_to_product_reference: "8Base-Ansible-2", }, { category: "default_component_of", full_product_name: { name: "ansible-0:2.9.7-1.el8ae.src as a component of Red Hat Ansible Engine 2 for RHEL 8", product_id: "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", }, product_reference: "ansible-0:2.9.7-1.el8ae.src", relates_to_product_reference: "8Base-Ansible-2", }, { category: "default_component_of", full_product_name: { name: "ansible-test-0:2.9.7-1.el8ae.noarch as a component of Red Hat Ansible Engine 2 for RHEL 8", product_id: "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", }, product_reference: "ansible-test-0:2.9.7-1.el8ae.noarch", relates_to_product_reference: "8Base-Ansible-2", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1733", cwe: { id: "CWE-377", name: "Insecure Temporary File", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1801735", }, ], notes: [ { category: "description", text: "A race condition flaw was found in Ansible Engine when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with \"umask 77 && mkdir -p <dir>\"; this operation does not fail if the directory already exists and is owned by another user. An attacker could take advantage to gain control of the become user as the target directory can be retrieved by iterating '/proc/<pid>/cmdline'.", title: "Vulnerability description", }, { category: "summary", text: "ansible: insecure temporary directory when running become_user from become directive", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1733", }, { category: "external", summary: "RHBZ#1801735", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1801735", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1733", url: "https://www.cve.org/CVERecord?id=CVE-2020-1733", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1733", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1733", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:10:54+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1542", }, { category: "workaround", details: "This issue can be mitigated by mounting the proc filesystem with hidepid=2 option (https://www.kernel.org/doc/Documentation/filesystems/proc.txt). This way only the user used by Ansible will be able to perform the attack as users on the system will be able to access only their processes /proc/$PID/ directories.\n\nAlso note that mounting proc filesystem with hidepid=2 might require re-mounting it on unpatched kernels, due to a kernel bug (see https://unix.stackexchange.com/questions/584054/why-procfs-mount-option-only-working-on-remount), there will be hidepid=3 in the future (https://patchwork.kernel.org/patch/11310217/).", product_ids: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L", version: "3.1", }, products: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ansible: insecure temporary directory when running become_user from become directive", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1735", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802085", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node.", title: "Vulnerability description", }, { category: "summary", text: "ansible: path injection on dest parameter in fetch module", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1735", }, { category: "external", summary: "RHBZ#1802085", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802085", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1735", url: "https://www.cve.org/CVERecord?id=CVE-2020-1735", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1735", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1735", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:10:54+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1542", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except avoid using the affected fetch module when possible.", product_ids: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.2, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ansible: path injection on dest parameter in fetch module", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1737", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2020-02-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802154", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal.", title: "Vulnerability description", }, { category: "summary", text: "ansible: Extract-Zip function in win_unzip module does not check extracted path", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1737", }, { category: "external", summary: "RHBZ#1802154", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802154", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1737", url: "https://www.cve.org/CVERecord?id=CVE-2020-1737", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1737", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1737", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:10:54+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1542", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except avoid using the affected win_unzip module when possible.", product_ids: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ansible: Extract-Zip function in win_unzip module does not check extracted path", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1739", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802178", }, ], notes: [ { category: "description", text: "A flaw was found in Ansible Engine. When a password is set with the argument \"password\" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs.", title: "Vulnerability description", }, { category: "summary", text: "ansible: svn module leaks password when specified as a parameter", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1739", }, { category: "external", summary: "RHBZ#1802178", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802178", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1739", url: "https://www.cve.org/CVERecord?id=CVE-2020-1739", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1739", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1739", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:10:54+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1542", }, { category: "workaround", details: "Instead of using the parameter 'password' of the subversion module, provide the password with stdin.", product_ids: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.9, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: svn module leaks password when specified as a parameter", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1740", cwe: { id: "CWE-377", name: "Insecure Temporary File", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802193", }, ], notes: [ { category: "description", text: "A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes \"ansible-vault edit\", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely.", title: "Vulnerability description", }, { category: "summary", text: "ansible: secrets readable after ansible-vault edit", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1740", }, { category: "external", summary: "RHBZ#1802193", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802193", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1740", url: "https://www.cve.org/CVERecord?id=CVE-2020-1740", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1740", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1740", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:10:54+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1542", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except avoid using the 'edit' option from 'ansible-vault' command line tool.", product_ids: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.9, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: secrets readable after ansible-vault edit", }, { acknowledgments: [ { names: [ "Felix Fountein", ], }, ], cve: "CVE-2020-1746", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2019-12-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1805491", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine when the ldap_attr and ldap_entry community modules are used. The issue discloses the LDAP bind password to stdout or a log file if a playbook task is written using the bind_pw in the parameters field. The highest threat from this vulnerability is data confidentiality.", title: "Vulnerability description", }, { category: "summary", text: "ansible: Information disclosure issue in ldap_attr and ldap_entry modules", title: "Vulnerability summary", }, { category: "other", text: "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\n* Red Hat Gluster Storage and Red Hat Ceph Storage no longer maintains their own version of Ansible. The fix will be provided from core Ansible. But we still ship ansible separately for ceph ubuntu.\n\n* In Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1746", }, { category: "external", summary: "RHBZ#1805491", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1805491", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1746", url: "https://www.cve.org/CVERecord?id=CVE-2020-1746", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1746", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1746", }, ], release_date: "2020-02-28T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:10:54+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1542", }, { category: "workaround", details: "Using args keyword and embedding the ldap_auth variable instead of using bind_pw parameter would mitigate this issue.", product_ids: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: Information disclosure issue in ldap_attr and ldap_entry modules", }, { acknowledgments: [ { names: [ "Abhijeet Kasurde", ], organization: "Red Hat", summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2020-1753", cwe: { id: "CWE-532", name: "Insertion of Sensitive Information into Log File", }, discovery_date: "2020-03-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1811008", }, ], notes: [ { category: "description", text: "A security flaw was found in the Ansible Engine when managing Kubernetes using the k8s connection plugin. Sensitive parameters such as passwords and tokens are passed to the kubectl command line instead of using environment variables or an input configuration file, which is safer. This flaw discloses passwords and tokens from the process list, and the no_log directive from the debug module would not be reflected in the underlying command-line tools options, displaying passwords and tokens on stdout and log files.", title: "Vulnerability description", }, { category: "summary", text: "Ansible: kubectl connection plugin leaks sensitive information", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.17, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1753", }, { category: "external", summary: "RHBZ#1811008", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1811008", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1753", url: "https://www.cve.org/CVERecord?id=CVE-2020-1753", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1753", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1753", }, ], release_date: "2020-03-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:10:54+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1542", }, { category: "workaround", details: "Currently, there is no mitigation for this issue.", product_ids: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Ansible: kubectl connection plugin leaks sensitive information", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-10684", cwe: { id: "CWE-862", name: "Missing Authorization", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1815519", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine. When using ansible_facts as a subkey of itself, and promoting it to a variable when injecting is enabled, overwriting the ansible_facts after the clean, an attacker could take advantage of this by altering the ansible_facts leading to privilege escalation or code injection. The highest threat from this vulnerability are to data integrity and system availability.", title: "Vulnerability description", }, { category: "summary", text: "Ansible: code injection when using ansible_facts as a subkey", title: "Vulnerability summary", }, { category: "other", text: "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n* Red Hat Gluster Storage and Red Hat Ceph Storage no longer maintains their own version of Ansible. The fix will be consumed from core Ansible. But we still ship ansible separately for ceph ubuntu.\n* Red Hat OpenStack Platform does package the affected code. However, because RHOSP does not use ansible_facts as a subkey directly, the RHOSP impact has been reduced to Moderate and no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-10684", }, { category: "external", summary: "RHBZ#1815519", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1815519", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-10684", url: "https://www.cve.org/CVERecord?id=CVE-2020-10684", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-10684", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-10684", }, ], release_date: "2020-03-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:10:54+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1542", }, { category: "workaround", details: "Currently, there is not a known mitigation except avoiding the functionality of using ansible_facts as a subkey.", product_ids: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.9, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H", version: "3.1", }, products: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "Ansible: code injection when using ansible_facts as a subkey", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-10685", cwe: { id: "CWE-459", name: "Incomplete Cleanup", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1814627", }, ], notes: [ { category: "description", text: "A flaw was found on Ansible Engine when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory is created in /tmp leaves the secrets unencrypted.\r\n\r\nOn Operating Systems which /tmp is not a tmpfs but part of the root partition, the directory is only cleared on boot and the decrypted data remains when the host is switched off. The system will be vulnerable when the system is not running. So decrypted data must be cleared as soon as possible and the data which normally is encrypted is sensible.", title: "Vulnerability description", }, { category: "summary", text: "Ansible: modules which use files encrypted with vault are not properly cleaned up", title: "Vulnerability summary", }, { category: "other", text: "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\n* In Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-10685", }, { category: "external", summary: "RHBZ#1814627", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1814627", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-10685", url: "https://www.cve.org/CVERecord?id=CVE-2020-10685", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-10685", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-10685", }, ], release_date: "2020-03-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:10:54+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1542", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except by removing manually the temporary created file after every run.", product_ids: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Ansible: modules which use files encrypted with vault are not properly cleaned up", }, { acknowledgments: [ { names: [ "Felix Fountein", ], }, ], cve: "CVE-2020-10691", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2020-03-25T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1817161", }, ], notes: [ { category: "description", text: "An archive traversal flaw was found in Ansible Engine when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. An attacker could take advantage to overwrite any file within the system.", title: "Vulnerability description", }, { category: "summary", text: "Ansible: archive traversal vulnerability in ansible-galaxy collection install", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.9.6 as well as previous 2.9.x versions are affected. Ansible versions less than or equal to 2.8 are not affected by this vulnerability as this functionality was introduced on 2.9.\n\nAnsible Tower 3.6.3 as well as previous 3.6.x versions are affected as they use ansible-galaxy collections.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-10691", }, { category: "external", summary: "RHBZ#1817161", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1817161", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-10691", url: "https://www.cve.org/CVERecord?id=CVE-2020-10691", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-10691", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-10691", }, ], release_date: "2020-03-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:10:54+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1542", }, { category: "workaround", details: "A possible mitigation of archive traversal issue could be done by restricting file access control and directory write accesses for extracting tarball files. This is feasible only for scenarios when the destination path could be known and enforced beforehand.", product_ids: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 5.2, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L", version: "3.1", }, products: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Ansible: archive traversal vulnerability in ansible-galaxy collection install", }, ], }
RHSA-2020:1544
Vulnerability from csaf_redhat
Published
2020-04-22 14:11
Modified
2024-11-15 08:28
Summary
Red Hat Security Advisory: Ansible security and bug fix update (2.7.17)
Notes
Topic
An update for ansible is now available for Ansible Engine 2.7
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details
Ansible is a simple model-driven configuration management, multi-node
deployment, and remote-task execution system. Ansible works over SSH and
does not require any software or daemons to be installed on remote nodes.
Extension modules can be written in any language and are transferred to
managed machines automatically.
The following packages have been upgraded to a newer upstream version:
ansible (2.7.17)
Bug Fix(es):
* CVE-2020-10684 Ansible: code injection when using ansible_facts as a
subkey
* CVE-2020-10685 Ansible: modules which use files encrypted with vault are
not properly cleaned up
* CVE-2020-1733 ansible: insecure temporary directory when running
become_user from become directive
* CVE-2020-1735 ansible: path injection on dest parameter in fetch module
* CVE-2020-1737 ansible: Extract-Zip function in win_unzip module does not
check extracted path
* CVE-2020-1739 ansible: svn module leaks password when specified as a
parameter
* CVE-2020-1740 ansible: secrets readable after ansible-vault edit
* CVE-2020-1746 ansible: Information disclosure issue in ldap_attr and
ldap_entry modules
See:
https://github.com/ansible/ansible/blob/v2.7.17/changelogs/CHANGELOG-v2.7.rst
for details on bug fixes in this release.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for ansible is now available for Ansible Engine 2.7\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Ansible is a simple model-driven configuration management, multi-node\ndeployment, and remote-task execution system. Ansible works over SSH and\ndoes not require any software or daemons to be installed on remote nodes.\nExtension modules can be written in any language and are transferred to\nmanaged machines automatically.\n\nThe following packages have been upgraded to a newer upstream version:\nansible (2.7.17)\n\nBug Fix(es):\n* CVE-2020-10684 Ansible: code injection when using ansible_facts as a\nsubkey\n* CVE-2020-10685 Ansible: modules which use files encrypted with vault are\nnot properly cleaned up\n* CVE-2020-1733 ansible: insecure temporary directory when running\nbecome_user from become directive\n* CVE-2020-1735 ansible: path injection on dest parameter in fetch module\n* CVE-2020-1737 ansible: Extract-Zip function in win_unzip module does not\ncheck extracted path\n* CVE-2020-1739 ansible: svn module leaks password when specified as a\nparameter\n* CVE-2020-1740 ansible: secrets readable after ansible-vault edit\n* CVE-2020-1746 ansible: Information disclosure issue in ldap_attr and\nldap_entry modules\n\nSee:\nhttps://github.com/ansible/ansible/blob/v2.7.17/changelogs/CHANGELOG-v2.7.rst\nfor details on bug fixes in this release.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2020:1544", url: "https://access.redhat.com/errata/RHSA-2020:1544", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "1801735", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1801735", }, { category: "external", summary: "1802085", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802085", }, { category: "external", summary: "1802154", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802154", }, { category: "external", summary: "1802178", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802178", }, { category: "external", summary: "1802193", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802193", }, { category: "external", summary: "1805491", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1805491", }, { category: "external", summary: "1814627", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1814627", }, { category: "external", summary: "1815519", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1815519", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_1544.json", }, ], title: "Red Hat Security Advisory: Ansible security and bug fix update (2.7.17)", tracking: { current_release_date: "2024-11-15T08:28:56+00:00", generator: { date: "2024-11-15T08:28:56+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2020:1544", initial_release_date: "2020-04-22T14:11:01+00:00", revision_history: [ { date: "2020-04-22T14:11:01+00:00", number: "1", summary: "Initial version", }, { date: "2020-04-22T14:11:01+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-15T08:28:56+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Ansible Engine 2.7 for RHEL 7 Server", product: { name: "Red Hat Ansible Engine 2.7 for RHEL 7 Server", product_id: "7Server-Ansible-2.7", product_identification_helper: { cpe: "cpe:/a:redhat:ansible_engine:2.7::el7", }, }, }, ], category: "product_family", name: "Red Hat Ansible Engine", }, { branches: [ { category: "product_version", name: "ansible-0:2.7.17-1.el7ae.noarch", product: { name: "ansible-0:2.7.17-1.el7ae.noarch", product_id: "ansible-0:2.7.17-1.el7ae.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/ansible@2.7.17-1.el7ae?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "ansible-0:2.7.17-1.el7ae.src", product: { name: "ansible-0:2.7.17-1.el7ae.src", product_id: "ansible-0:2.7.17-1.el7ae.src", product_identification_helper: { purl: "pkg:rpm/redhat/ansible@2.7.17-1.el7ae?arch=src", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ansible-0:2.7.17-1.el7ae.noarch as a component of Red Hat Ansible Engine 2.7 for RHEL 7 Server", product_id: "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", }, product_reference: "ansible-0:2.7.17-1.el7ae.noarch", relates_to_product_reference: "7Server-Ansible-2.7", }, { category: "default_component_of", full_product_name: { name: "ansible-0:2.7.17-1.el7ae.src as a component of Red Hat Ansible Engine 2.7 for RHEL 7 Server", product_id: "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", }, product_reference: "ansible-0:2.7.17-1.el7ae.src", relates_to_product_reference: "7Server-Ansible-2.7", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1733", cwe: { id: "CWE-377", name: "Insecure Temporary File", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1801735", }, ], notes: [ { category: "description", text: "A race condition flaw was found in Ansible Engine when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with \"umask 77 && mkdir -p <dir>\"; this operation does not fail if the directory already exists and is owned by another user. An attacker could take advantage to gain control of the become user as the target directory can be retrieved by iterating '/proc/<pid>/cmdline'.", title: "Vulnerability description", }, { category: "summary", text: "ansible: insecure temporary directory when running become_user from become directive", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1733", }, { category: "external", summary: "RHBZ#1801735", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1801735", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1733", url: "https://www.cve.org/CVERecord?id=CVE-2020-1733", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1733", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1733", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:11:01+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1544", }, { category: "workaround", details: "This issue can be mitigated by mounting the proc filesystem with hidepid=2 option (https://www.kernel.org/doc/Documentation/filesystems/proc.txt). This way only the user used by Ansible will be able to perform the attack as users on the system will be able to access only their processes /proc/$PID/ directories.\n\nAlso note that mounting proc filesystem with hidepid=2 might require re-mounting it on unpatched kernels, due to a kernel bug (see https://unix.stackexchange.com/questions/584054/why-procfs-mount-option-only-working-on-remount), there will be hidepid=3 in the future (https://patchwork.kernel.org/patch/11310217/).", product_ids: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L", version: "3.1", }, products: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ansible: insecure temporary directory when running become_user from become directive", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1735", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802085", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node.", title: "Vulnerability description", }, { category: "summary", text: "ansible: path injection on dest parameter in fetch module", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1735", }, { category: "external", summary: "RHBZ#1802085", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802085", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1735", url: "https://www.cve.org/CVERecord?id=CVE-2020-1735", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1735", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1735", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:11:01+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1544", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except avoid using the affected fetch module when possible.", product_ids: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.2, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ansible: path injection on dest parameter in fetch module", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1737", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2020-02-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802154", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal.", title: "Vulnerability description", }, { category: "summary", text: "ansible: Extract-Zip function in win_unzip module does not check extracted path", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1737", }, { category: "external", summary: "RHBZ#1802154", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802154", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1737", url: "https://www.cve.org/CVERecord?id=CVE-2020-1737", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1737", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1737", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:11:01+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1544", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except avoid using the affected win_unzip module when possible.", product_ids: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ansible: Extract-Zip function in win_unzip module does not check extracted path", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1739", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802178", }, ], notes: [ { category: "description", text: "A flaw was found in Ansible Engine. When a password is set with the argument \"password\" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs.", title: "Vulnerability description", }, { category: "summary", text: "ansible: svn module leaks password when specified as a parameter", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1739", }, { category: "external", summary: "RHBZ#1802178", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802178", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1739", url: "https://www.cve.org/CVERecord?id=CVE-2020-1739", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1739", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1739", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:11:01+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1544", }, { category: "workaround", details: "Instead of using the parameter 'password' of the subversion module, provide the password with stdin.", product_ids: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.9, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: svn module leaks password when specified as a parameter", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1740", cwe: { id: "CWE-377", name: "Insecure Temporary File", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802193", }, ], notes: [ { category: "description", text: "A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes \"ansible-vault edit\", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely.", title: "Vulnerability description", }, { category: "summary", text: "ansible: secrets readable after ansible-vault edit", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1740", }, { category: "external", summary: "RHBZ#1802193", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802193", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1740", url: "https://www.cve.org/CVERecord?id=CVE-2020-1740", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1740", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1740", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:11:01+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1544", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except avoid using the 'edit' option from 'ansible-vault' command line tool.", product_ids: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.9, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: secrets readable after ansible-vault edit", }, { acknowledgments: [ { names: [ "Felix Fountein", ], }, ], cve: "CVE-2020-1746", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2019-12-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1805491", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine when the ldap_attr and ldap_entry community modules are used. The issue discloses the LDAP bind password to stdout or a log file if a playbook task is written using the bind_pw in the parameters field. The highest threat from this vulnerability is data confidentiality.", title: "Vulnerability description", }, { category: "summary", text: "ansible: Information disclosure issue in ldap_attr and ldap_entry modules", title: "Vulnerability summary", }, { category: "other", text: "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\n* Red Hat Gluster Storage and Red Hat Ceph Storage no longer maintains their own version of Ansible. The fix will be provided from core Ansible. But we still ship ansible separately for ceph ubuntu.\n\n* In Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1746", }, { category: "external", summary: "RHBZ#1805491", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1805491", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1746", url: "https://www.cve.org/CVERecord?id=CVE-2020-1746", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1746", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1746", }, ], release_date: "2020-02-28T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:11:01+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1544", }, { category: "workaround", details: "Using args keyword and embedding the ldap_auth variable instead of using bind_pw parameter would mitigate this issue.", product_ids: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: Information disclosure issue in ldap_attr and ldap_entry modules", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-10684", cwe: { id: "CWE-862", name: "Missing Authorization", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1815519", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine. When using ansible_facts as a subkey of itself, and promoting it to a variable when injecting is enabled, overwriting the ansible_facts after the clean, an attacker could take advantage of this by altering the ansible_facts leading to privilege escalation or code injection. The highest threat from this vulnerability are to data integrity and system availability.", title: "Vulnerability description", }, { category: "summary", text: "Ansible: code injection when using ansible_facts as a subkey", title: "Vulnerability summary", }, { category: "other", text: "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n* Red Hat Gluster Storage and Red Hat Ceph Storage no longer maintains their own version of Ansible. The fix will be consumed from core Ansible. But we still ship ansible separately for ceph ubuntu.\n* Red Hat OpenStack Platform does package the affected code. However, because RHOSP does not use ansible_facts as a subkey directly, the RHOSP impact has been reduced to Moderate and no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-10684", }, { category: "external", summary: "RHBZ#1815519", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1815519", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-10684", url: "https://www.cve.org/CVERecord?id=CVE-2020-10684", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-10684", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-10684", }, ], release_date: "2020-03-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:11:01+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1544", }, { category: "workaround", details: "Currently, there is not a known mitigation except avoiding the functionality of using ansible_facts as a subkey.", product_ids: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.9, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H", version: "3.1", }, products: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "Ansible: code injection when using ansible_facts as a subkey", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-10685", cwe: { id: "CWE-459", name: "Incomplete Cleanup", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1814627", }, ], notes: [ { category: "description", text: "A flaw was found on Ansible Engine when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory is created in /tmp leaves the secrets unencrypted.\r\n\r\nOn Operating Systems which /tmp is not a tmpfs but part of the root partition, the directory is only cleared on boot and the decrypted data remains when the host is switched off. The system will be vulnerable when the system is not running. So decrypted data must be cleared as soon as possible and the data which normally is encrypted is sensible.", title: "Vulnerability description", }, { category: "summary", text: "Ansible: modules which use files encrypted with vault are not properly cleaned up", title: "Vulnerability summary", }, { category: "other", text: "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\n* In Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-10685", }, { category: "external", summary: "RHBZ#1814627", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1814627", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-10685", url: "https://www.cve.org/CVERecord?id=CVE-2020-10685", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-10685", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-10685", }, ], release_date: "2020-03-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:11:01+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1544", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except by removing manually the temporary created file after every run.", product_ids: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Ansible: modules which use files encrypted with vault are not properly cleaned up", }, ], }
rhsa-2020_1544
Vulnerability from csaf_redhat
Published
2020-04-22 14:11
Modified
2024-11-15 08:28
Summary
Red Hat Security Advisory: Ansible security and bug fix update (2.7.17)
Notes
Topic
An update for ansible is now available for Ansible Engine 2.7
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details
Ansible is a simple model-driven configuration management, multi-node
deployment, and remote-task execution system. Ansible works over SSH and
does not require any software or daemons to be installed on remote nodes.
Extension modules can be written in any language and are transferred to
managed machines automatically.
The following packages have been upgraded to a newer upstream version:
ansible (2.7.17)
Bug Fix(es):
* CVE-2020-10684 Ansible: code injection when using ansible_facts as a
subkey
* CVE-2020-10685 Ansible: modules which use files encrypted with vault are
not properly cleaned up
* CVE-2020-1733 ansible: insecure temporary directory when running
become_user from become directive
* CVE-2020-1735 ansible: path injection on dest parameter in fetch module
* CVE-2020-1737 ansible: Extract-Zip function in win_unzip module does not
check extracted path
* CVE-2020-1739 ansible: svn module leaks password when specified as a
parameter
* CVE-2020-1740 ansible: secrets readable after ansible-vault edit
* CVE-2020-1746 ansible: Information disclosure issue in ldap_attr and
ldap_entry modules
See:
https://github.com/ansible/ansible/blob/v2.7.17/changelogs/CHANGELOG-v2.7.rst
for details on bug fixes in this release.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for ansible is now available for Ansible Engine 2.7\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Ansible is a simple model-driven configuration management, multi-node\ndeployment, and remote-task execution system. Ansible works over SSH and\ndoes not require any software or daemons to be installed on remote nodes.\nExtension modules can be written in any language and are transferred to\nmanaged machines automatically.\n\nThe following packages have been upgraded to a newer upstream version:\nansible (2.7.17)\n\nBug Fix(es):\n* CVE-2020-10684 Ansible: code injection when using ansible_facts as a\nsubkey\n* CVE-2020-10685 Ansible: modules which use files encrypted with vault are\nnot properly cleaned up\n* CVE-2020-1733 ansible: insecure temporary directory when running\nbecome_user from become directive\n* CVE-2020-1735 ansible: path injection on dest parameter in fetch module\n* CVE-2020-1737 ansible: Extract-Zip function in win_unzip module does not\ncheck extracted path\n* CVE-2020-1739 ansible: svn module leaks password when specified as a\nparameter\n* CVE-2020-1740 ansible: secrets readable after ansible-vault edit\n* CVE-2020-1746 ansible: Information disclosure issue in ldap_attr and\nldap_entry modules\n\nSee:\nhttps://github.com/ansible/ansible/blob/v2.7.17/changelogs/CHANGELOG-v2.7.rst\nfor details on bug fixes in this release.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2020:1544", url: "https://access.redhat.com/errata/RHSA-2020:1544", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "1801735", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1801735", }, { category: "external", summary: "1802085", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802085", }, { category: "external", summary: "1802154", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802154", }, { category: "external", summary: "1802178", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802178", }, { category: "external", summary: "1802193", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802193", }, { category: "external", summary: "1805491", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1805491", }, { category: "external", summary: "1814627", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1814627", }, { category: "external", summary: "1815519", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1815519", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_1544.json", }, ], title: "Red Hat Security Advisory: Ansible security and bug fix update (2.7.17)", tracking: { current_release_date: "2024-11-15T08:28:56+00:00", generator: { date: "2024-11-15T08:28:56+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2020:1544", initial_release_date: "2020-04-22T14:11:01+00:00", revision_history: [ { date: "2020-04-22T14:11:01+00:00", number: "1", summary: "Initial version", }, { date: "2020-04-22T14:11:01+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-15T08:28:56+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Ansible Engine 2.7 for RHEL 7 Server", product: { name: "Red Hat Ansible Engine 2.7 for RHEL 7 Server", product_id: "7Server-Ansible-2.7", product_identification_helper: { cpe: "cpe:/a:redhat:ansible_engine:2.7::el7", }, }, }, ], category: "product_family", name: "Red Hat Ansible Engine", }, { branches: [ { category: "product_version", name: "ansible-0:2.7.17-1.el7ae.noarch", product: { name: "ansible-0:2.7.17-1.el7ae.noarch", product_id: "ansible-0:2.7.17-1.el7ae.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/ansible@2.7.17-1.el7ae?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "ansible-0:2.7.17-1.el7ae.src", product: { name: "ansible-0:2.7.17-1.el7ae.src", product_id: "ansible-0:2.7.17-1.el7ae.src", product_identification_helper: { purl: "pkg:rpm/redhat/ansible@2.7.17-1.el7ae?arch=src", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ansible-0:2.7.17-1.el7ae.noarch as a component of Red Hat Ansible Engine 2.7 for RHEL 7 Server", product_id: "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", }, product_reference: "ansible-0:2.7.17-1.el7ae.noarch", relates_to_product_reference: "7Server-Ansible-2.7", }, { category: "default_component_of", full_product_name: { name: "ansible-0:2.7.17-1.el7ae.src as a component of Red Hat Ansible Engine 2.7 for RHEL 7 Server", product_id: "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", }, product_reference: "ansible-0:2.7.17-1.el7ae.src", relates_to_product_reference: "7Server-Ansible-2.7", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1733", cwe: { id: "CWE-377", name: "Insecure Temporary File", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1801735", }, ], notes: [ { category: "description", text: "A race condition flaw was found in Ansible Engine when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with \"umask 77 && mkdir -p <dir>\"; this operation does not fail if the directory already exists and is owned by another user. An attacker could take advantage to gain control of the become user as the target directory can be retrieved by iterating '/proc/<pid>/cmdline'.", title: "Vulnerability description", }, { category: "summary", text: "ansible: insecure temporary directory when running become_user from become directive", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1733", }, { category: "external", summary: "RHBZ#1801735", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1801735", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1733", url: "https://www.cve.org/CVERecord?id=CVE-2020-1733", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1733", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1733", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:11:01+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1544", }, { category: "workaround", details: "This issue can be mitigated by mounting the proc filesystem with hidepid=2 option (https://www.kernel.org/doc/Documentation/filesystems/proc.txt). This way only the user used by Ansible will be able to perform the attack as users on the system will be able to access only their processes /proc/$PID/ directories.\n\nAlso note that mounting proc filesystem with hidepid=2 might require re-mounting it on unpatched kernels, due to a kernel bug (see https://unix.stackexchange.com/questions/584054/why-procfs-mount-option-only-working-on-remount), there will be hidepid=3 in the future (https://patchwork.kernel.org/patch/11310217/).", product_ids: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L", version: "3.1", }, products: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ansible: insecure temporary directory when running become_user from become directive", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1735", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802085", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node.", title: "Vulnerability description", }, { category: "summary", text: "ansible: path injection on dest parameter in fetch module", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1735", }, { category: "external", summary: "RHBZ#1802085", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802085", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1735", url: "https://www.cve.org/CVERecord?id=CVE-2020-1735", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1735", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1735", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:11:01+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1544", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except avoid using the affected fetch module when possible.", product_ids: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.2, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ansible: path injection on dest parameter in fetch module", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1737", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2020-02-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802154", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal.", title: "Vulnerability description", }, { category: "summary", text: "ansible: Extract-Zip function in win_unzip module does not check extracted path", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1737", }, { category: "external", summary: "RHBZ#1802154", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802154", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1737", url: "https://www.cve.org/CVERecord?id=CVE-2020-1737", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1737", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1737", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:11:01+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1544", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except avoid using the affected win_unzip module when possible.", product_ids: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ansible: Extract-Zip function in win_unzip module does not check extracted path", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1739", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802178", }, ], notes: [ { category: "description", text: "A flaw was found in Ansible Engine. When a password is set with the argument \"password\" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs.", title: "Vulnerability description", }, { category: "summary", text: "ansible: svn module leaks password when specified as a parameter", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1739", }, { category: "external", summary: "RHBZ#1802178", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802178", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1739", url: "https://www.cve.org/CVERecord?id=CVE-2020-1739", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1739", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1739", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:11:01+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1544", }, { category: "workaround", details: "Instead of using the parameter 'password' of the subversion module, provide the password with stdin.", product_ids: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.9, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: svn module leaks password when specified as a parameter", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1740", cwe: { id: "CWE-377", name: "Insecure Temporary File", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802193", }, ], notes: [ { category: "description", text: "A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes \"ansible-vault edit\", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely.", title: "Vulnerability description", }, { category: "summary", text: "ansible: secrets readable after ansible-vault edit", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1740", }, { category: "external", summary: "RHBZ#1802193", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802193", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1740", url: "https://www.cve.org/CVERecord?id=CVE-2020-1740", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1740", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1740", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:11:01+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1544", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except avoid using the 'edit' option from 'ansible-vault' command line tool.", product_ids: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.9, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: secrets readable after ansible-vault edit", }, { acknowledgments: [ { names: [ "Felix Fountein", ], }, ], cve: "CVE-2020-1746", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2019-12-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1805491", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine when the ldap_attr and ldap_entry community modules are used. The issue discloses the LDAP bind password to stdout or a log file if a playbook task is written using the bind_pw in the parameters field. The highest threat from this vulnerability is data confidentiality.", title: "Vulnerability description", }, { category: "summary", text: "ansible: Information disclosure issue in ldap_attr and ldap_entry modules", title: "Vulnerability summary", }, { category: "other", text: "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\n* Red Hat Gluster Storage and Red Hat Ceph Storage no longer maintains their own version of Ansible. The fix will be provided from core Ansible. But we still ship ansible separately for ceph ubuntu.\n\n* In Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1746", }, { category: "external", summary: "RHBZ#1805491", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1805491", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1746", url: "https://www.cve.org/CVERecord?id=CVE-2020-1746", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1746", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1746", }, ], release_date: "2020-02-28T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:11:01+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1544", }, { category: "workaround", details: "Using args keyword and embedding the ldap_auth variable instead of using bind_pw parameter would mitigate this issue.", product_ids: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: Information disclosure issue in ldap_attr and ldap_entry modules", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-10684", cwe: { id: "CWE-862", name: "Missing Authorization", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1815519", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine. When using ansible_facts as a subkey of itself, and promoting it to a variable when injecting is enabled, overwriting the ansible_facts after the clean, an attacker could take advantage of this by altering the ansible_facts leading to privilege escalation or code injection. The highest threat from this vulnerability are to data integrity and system availability.", title: "Vulnerability description", }, { category: "summary", text: "Ansible: code injection when using ansible_facts as a subkey", title: "Vulnerability summary", }, { category: "other", text: "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n* Red Hat Gluster Storage and Red Hat Ceph Storage no longer maintains their own version of Ansible. The fix will be consumed from core Ansible. But we still ship ansible separately for ceph ubuntu.\n* Red Hat OpenStack Platform does package the affected code. However, because RHOSP does not use ansible_facts as a subkey directly, the RHOSP impact has been reduced to Moderate and no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-10684", }, { category: "external", summary: "RHBZ#1815519", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1815519", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-10684", url: "https://www.cve.org/CVERecord?id=CVE-2020-10684", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-10684", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-10684", }, ], release_date: "2020-03-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:11:01+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1544", }, { category: "workaround", details: "Currently, there is not a known mitigation except avoiding the functionality of using ansible_facts as a subkey.", product_ids: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.9, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H", version: "3.1", }, products: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "Ansible: code injection when using ansible_facts as a subkey", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-10685", cwe: { id: "CWE-459", name: "Incomplete Cleanup", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1814627", }, ], notes: [ { category: "description", text: "A flaw was found on Ansible Engine when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory is created in /tmp leaves the secrets unencrypted.\r\n\r\nOn Operating Systems which /tmp is not a tmpfs but part of the root partition, the directory is only cleared on boot and the decrypted data remains when the host is switched off. The system will be vulnerable when the system is not running. So decrypted data must be cleared as soon as possible and the data which normally is encrypted is sensible.", title: "Vulnerability description", }, { category: "summary", text: "Ansible: modules which use files encrypted with vault are not properly cleaned up", title: "Vulnerability summary", }, { category: "other", text: "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\n* In Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-10685", }, { category: "external", summary: "RHBZ#1814627", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1814627", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-10685", url: "https://www.cve.org/CVERecord?id=CVE-2020-10685", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-10685", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-10685", }, ], release_date: "2020-03-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:11:01+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1544", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except by removing manually the temporary created file after every run.", product_ids: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Ansible: modules which use files encrypted with vault are not properly cleaned up", }, ], }
rhba-2020_1539
Vulnerability from csaf_redhat
Published
2020-04-22 13:24
Modified
2024-11-22 14:26
Summary
Red Hat Bug Fix Advisory: Red Hat Ansible Tower 3.5.6-1 - RHEL7 Container
Notes
Topic
Red Hat Ansible Tower 3.5.6-1 - RHEL7 Container
Details
* Fixed Tower to allow users to subscribe to playbook output in organizations they do not have RBAC access to via Towers websocket interface (CVE-2020-10698)
* Fixed OAuth2 refresh tokens to properly respect custom expiration settings (CVE-2020-10709)
* Improved memcached in OpenShift deployments to listen on a more secure domain socket (CVE-2020-10697)
* Updated the Twisted library to address CVE-2020-10108 and CVE-2020-10109
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Critical", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat Ansible Tower 3.5.6-1 - RHEL7 Container", title: "Topic", }, { category: "general", text: "* Fixed Tower to allow users to subscribe to playbook output in organizations they do not have RBAC access to via Towers websocket interface (CVE-2020-10698)\n* Fixed OAuth2 refresh tokens to properly respect custom expiration settings (CVE-2020-10709)\n* Improved memcached in OpenShift deployments to listen on a more secure domain socket (CVE-2020-10697)\n* Updated the Twisted library to address CVE-2020-10108 and CVE-2020-10109", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHBA-2020:1539", url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhba-2020_1539.json", }, ], title: "Red Hat Bug Fix Advisory: Red Hat Ansible Tower 3.5.6-1 - RHEL7 Container", tracking: { current_release_date: "2024-11-22T14:26:26+00:00", generator: { date: "2024-11-22T14:26:26+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHBA-2020:1539", initial_release_date: "2020-04-22T13:24:05+00:00", revision_history: [ { date: "2020-04-22T13:24:05+00:00", number: "1", summary: "Initial version", }, { date: "2020-04-22T13:24:05+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T14:26:26+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Ansible Tower 3.5 for RHEL 7 Server", product: { name: "Red Hat Ansible Tower 3.5 for RHEL 7 Server", product_id: "7Server-Ansible-Tower-3.5", product_identification_helper: { cpe: "cpe:/a:redhat:ansible_tower:3.5::el7", }, }, }, ], category: "product_family", name: "Red Hat Ansible Tower", }, { branches: [ { category: "product_version", name: "ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", product: { name: "ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", product_id: "ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", product_identification_helper: { purl: "pkg:oci/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463?arch=amd64&repository_url=registry.redhat.io/ansible-tower-35/ansible-tower&tag=3.5.6-1", }, }, }, ], category: "architecture", name: "amd64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64 as a component of Red Hat Ansible Tower 3.5 for RHEL 7 Server", product_id: "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", }, product_reference: "ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", relates_to_product_reference: "7Server-Ansible-Tower-3.5", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Mozilla project", ], }, { names: [ "Ucha Gobejishvili", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2015-2716", discovery_date: "2015-05-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1220607", }, ], notes: [ { category: "description", text: "Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283.", title: "Vulnerability description", }, { category: "summary", text: "expat: Integer overflow leading to buffer overflow in XML_GetBuffer()", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the version of expat package as shipped with Red Hat Enterprise Linux 5, 6 and 7. Red Hat Product Security has rated this issue as having Moderate security impact, a future update may address this flaw.\n\nRed Hat Enterprise Linux 5 is now in Extended Life Cycle phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-2716", }, { category: "external", summary: "RHBZ#1220607", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1220607", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-2716", url: "https://www.cve.org/CVERecord?id=CVE-2015-2716", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-2716", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-2716", }, { category: "external", summary: "http://www.mozilla.org/security/announce/2015/mfsa2015-54.html", url: "http://www.mozilla.org/security/announce/2015/mfsa2015-54.html", }, ], release_date: "2015-05-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Critical", }, ], title: "expat: Integer overflow leading to buffer overflow in XML_GetBuffer()", }, { cve: "CVE-2015-8035", cwe: { id: "CWE-252", name: "Unchecked Return Value", }, discovery_date: "2015-11-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1277146", }, ], notes: [ { category: "description", text: "A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: DoS caused by incorrect error detection during XZ decompression", title: "Vulnerability summary", }, { category: "other", text: "This issue did not affect the versions of libxml2 as shipped with Red Hat Enterprise Linux 5 and 6 as they did not include support for LZMA compression support.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-8035", }, { category: "external", summary: "RHBZ#1277146", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1277146", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-8035", url: "https://www.cve.org/CVERecord?id=CVE-2015-8035", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-8035", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-8035", }, ], release_date: "2015-11-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: DoS caused by incorrect error detection during XZ decompression", }, { cve: "CVE-2016-5131", discovery_date: "2016-07-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1358641", }, ], notes: [ { category: "description", text: "Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Use after free triggered by XPointer paths beginning with range-to", title: "Vulnerability summary", }, { category: "other", text: "This flaw in libxml2 requires exposing the library to XPath/XPointer expressions from an untrusted source, which is not common in practice for applications using libxml2. For libxml2, Red Hat Product Security has rated this vulnerability as Moderate severity.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-5131", }, { category: "external", summary: "RHBZ#1358641", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1358641", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-5131", url: "https://www.cve.org/CVERecord?id=CVE-2016-5131", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-5131", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-5131", }, { category: "external", summary: "https://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html", url: "https://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html", }, ], release_date: "2016-07-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "libxml2: Use after free triggered by XPointer paths beginning with range-to", }, { cve: "CVE-2017-15412", discovery_date: "2017-12-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1523128", }, ], notes: [ { category: "description", text: "A use-after-free flaw was found in the libxml2 library. An attacker could use this flaw to cause an application linked against libxml2 to crash when parsing a specially crafted XML file.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-15412", }, { category: "external", summary: "RHBZ#1523128", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1523128", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-15412", url: "https://www.cve.org/CVERecord?id=CVE-2017-15412", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-15412", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-15412", }, { category: "external", summary: "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html", url: "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html", }, ], release_date: "2017-12-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c", }, { cve: "CVE-2017-18258", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2018-04-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1566749", }, ], notes: [ { category: "description", text: "The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Unrestricted memory usage in xz_head() function in xzlib.c", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-18258", }, { category: "external", summary: "RHBZ#1566749", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1566749", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-18258", url: "https://www.cve.org/CVERecord?id=CVE-2017-18258", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-18258", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-18258", }, ], release_date: "2017-09-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "libxml2: Unrestricted memory usage in xz_head() function in xzlib.c", }, { cve: "CVE-2018-10360", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2018-06-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1590000", }, ], notes: [ { category: "description", text: "The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.", title: "Vulnerability description", }, { category: "summary", text: "file: out-of-bounds read via a crafted ELF file", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-10360", }, { category: "external", summary: "RHBZ#1590000", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1590000", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-10360", url: "https://www.cve.org/CVERecord?id=CVE-2018-10360", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-10360", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-10360", }, ], release_date: "2018-06-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "LOW", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "file: out-of-bounds read via a crafted ELF file", }, { cve: "CVE-2018-14404", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, discovery_date: "2018-06-28T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1595985", }, ], notes: [ { category: "description", text: "A null pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 when parsing invalid XPath expression. Applications processing untrusted XSL format inputs with the use of libxml2 library may be vulnerable to denial of service attack due to crash of the application.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the versions of libxml2 as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nThis issue affects the versions of libxml2 as shipped with Red Hat Enterprise Linux 6. Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nThis issue affects the versions of libxml2 as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having a security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14404", }, { category: "external", summary: "RHBZ#1595985", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1595985", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14404", url: "https://www.cve.org/CVERecord?id=CVE-2018-14404", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14404", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14404", }, ], release_date: "2018-06-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c", }, { cve: "CVE-2018-14567", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2018-08-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1619875", }, ], notes: [ { category: "description", text: "libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Infinite loop caused by incorrect error detection during LZMA decompression", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Product Security has rated this flaw as having Low impact. A future update may address this issue.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14567", }, { category: "external", summary: "RHBZ#1619875", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1619875", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14567", url: "https://www.cve.org/CVERecord?id=CVE-2018-14567", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14567", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14567", }, ], release_date: "2018-04-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "libxml2: Infinite loop caused by incorrect error detection during LZMA decompression", }, { cve: "CVE-2018-18074", cwe: { id: "CWE-522", name: "Insufficiently Protected Credentials", }, discovery_date: "2018-10-10T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1643829", }, ], notes: [ { category: "description", text: "A credentials-exposure flaw was found in python-requests, where if a request with authentication is redirected (302) from an HTTPS endpoint to an HTTP endpoint on the same host, the Authorization header is not stripped and the credentials can be read in plain text. A man-in-the-middle attacker could exploit this flaw to obtain a user's valid credentials.", title: "Vulnerability description", }, { category: "summary", text: "python-requests: Redirect from HTTPS to HTTP does not remove Authorization header", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-18074", }, { category: "external", summary: "RHBZ#1643829", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1643829", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-18074", url: "https://www.cve.org/CVERecord?id=CVE-2018-18074", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-18074", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-18074", }, ], release_date: "2018-06-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 2.6, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "python-requests: Redirect from HTTPS to HTTP does not remove Authorization header", }, { cve: "CVE-2018-20060", cwe: { id: "CWE-522", name: "Insufficiently Protected Credentials", }, discovery_date: "2018-11-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1649153", }, ], notes: [ { category: "description", text: "urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext.", title: "Vulnerability description", }, { category: "summary", text: "python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6.2 is on Maintenance Support 2 phase, hence only selected critical and important issues will be fixed. Please refer to Red Hat Satellite Product Life Cycle page for more information.\n\nIn Red Hat OpenStack Platform 13, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP python-urllib3 package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-20060", }, { category: "external", summary: "RHBZ#1649153", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1649153", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-20060", url: "https://www.cve.org/CVERecord?id=CVE-2018-20060", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-20060", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-20060", }, ], release_date: "2018-03-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "Use `retries=urllib3.Retry(redirect=0)` when performing requests if you do not need redirection and handle the redirects manually if you need them.", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure", }, { cve: "CVE-2018-20852", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2019-07-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1740347", }, ], notes: [ { category: "description", text: "http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.", title: "Vulnerability description", }, { category: "summary", text: "python: Cookie domain check returns incorrect results", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the versions of python as shipped with Red Hat Enterprise Linux 5, 6, and 7. This issue affects the versions of python3 as shipped with Red Hat Enterprise Linux 7 and 8. This issue affects the versions of python2 and python36 as shipped with Red Hat Enterprise Linux 8.\n\nRed Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-20852", }, { category: "external", summary: "RHBZ#1740347", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1740347", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-20852", url: "https://www.cve.org/CVERecord?id=CVE-2018-20852", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-20852", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-20852", }, ], release_date: "2018-10-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "A potentially simple workaround in the absence of patch on affected versions is to set DomainStrict in the cookiepolicy that would make sure a literal match against domain. The disadvantage would be that cookie set on example.com would not be shared with subdomain which might break workflow.", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "python: Cookie domain check returns incorrect results", }, { acknowledgments: [ { names: [ "Ray Strode", ], organization: "The GNOME Project", }, { names: [ "Maxime Vellard", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2019-3820", cwe: { id: "CWE-285", name: "Improper Authorization", }, discovery_date: "2019-01-25T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1669391", }, ], notes: [ { category: "description", text: "A vulnerability was found where the gnome-shell lock screen, since version 3.15.91, does not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts and potentially other actions. This vulnerability was fixed in gnome-shell 3.31.5 and 3.30.3.", title: "Vulnerability description", }, { category: "summary", text: "gnome-shell: partial lock screen bypass", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-3820", }, { category: "external", summary: "RHBZ#1669391", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1669391", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-3820", url: "https://www.cve.org/CVERecord?id=CVE-2019-3820", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-3820", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-3820", }, { category: "external", summary: "https://gitlab.gnome.org/GNOME/gnome-shell/issues/851", url: "https://gitlab.gnome.org/GNOME/gnome-shell/issues/851", }, ], release_date: "2019-02-05T12:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "LOW", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "gnome-shell: partial lock screen bypass", }, { acknowledgments: [ { names: [ "the Curl project", ], }, { names: [ "l00p3r", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2019-5436", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2019-05-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1710620", }, ], notes: [ { category: "description", text: "A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.", title: "Vulnerability description", }, { category: "summary", text: "curl: TFTP receive heap buffer overflow in tftp_receive_packet() function", title: "Vulnerability summary", }, { category: "other", text: "This flaw exists if the user selects to use a \"blksize\" of 504 or smaller (default is 512). The smaller size that is used, the larger the possible overflow becomes.\nUsers choosing a smaller size than default should be rare as the primary use case for changing the size is to make it larger. It is rare for users to use TFTP across the Internet. It is most commonly used within local networks.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-5436", }, { category: "external", summary: "RHBZ#1710620", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1710620", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-5436", url: "https://www.cve.org/CVERecord?id=CVE-2019-5436", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-5436", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-5436", }, { category: "external", summary: "https://curl.haxx.se/docs/CVE-2019-5436.html", url: "https://curl.haxx.se/docs/CVE-2019-5436.html", }, ], release_date: "2019-05-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "curl: TFTP receive heap buffer overflow in tftp_receive_packet() function", }, { cve: "CVE-2019-9924", cwe: { id: "CWE-138", name: "Improper Neutralization of Special Elements", }, discovery_date: "2019-03-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1691774", }, ], notes: [ { category: "description", text: "rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.", title: "Vulnerability description", }, { category: "summary", text: "bash: BASH_CMD is writable in restricted bash shells", title: "Vulnerability summary", }, { category: "other", text: "Impact of the flaw set to Moderate as restricted shell shall not be used as a security feature alone, as it is very hard to configure it properly and several bypasses exist for it.\n\nThis issue did not affect the versions of bash as shipped with Red Hat Enterprise Linux 5 as they did not include support for BASH_CMDS environment variable.\n\nRed Hat Virtualization Hypervisor and Management Appliance were affected by this issue, but do not use the restricted bash shell in a way that would be exposed to attackers. Future updates may address this issue.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-9924", }, { category: "external", summary: "RHBZ#1691774", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1691774", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-9924", url: "https://www.cve.org/CVERecord?id=CVE-2019-9924", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-9924", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-9924", }, ], release_date: "2019-03-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "bash: BASH_CMD is writable in restricted bash shells", }, { cve: "CVE-2019-11236", cwe: { id: "CWE-113", name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", }, discovery_date: "2019-04-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1700824", }, ], notes: [ { category: "description", text: "In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.", title: "Vulnerability description", }, { category: "summary", text: "python-urllib3: CRLF injection due to not encoding the '\\r\\n' sequence leading to possible attack on internal service", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the version of python-urllib3 shipped with Red Hat Gluster Storage 3, as it is vulnerable to CRLF injection.\n\nRed Hat Satellite 6.2 is on Maintenance Support 2 phase, hence only selected critical and important issues will be fixed. Please refer to Red Hat Satellite Product Life Cycle page for more information.\n\nIn Red Hat OpenStack Platform 13, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP python-urllib3 package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-11236", }, { category: "external", summary: "RHBZ#1700824", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1700824", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-11236", url: "https://www.cve.org/CVERecord?id=CVE-2019-11236", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-11236", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-11236", }, ], release_date: "2019-03-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "python-urllib3: CRLF injection due to not encoding the '\\r\\n' sequence leading to possible attack on internal service", }, { cve: "CVE-2019-16056", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2019-09-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1749839", }, ], notes: [ { category: "description", text: "An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.", title: "Vulnerability description", }, { category: "summary", text: "python: email.utils.parseaddr wrongly parses email addresses", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-16056", }, { category: "external", summary: "RHBZ#1749839", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1749839", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-16056", url: "https://www.cve.org/CVERecord?id=CVE-2019-16056", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-16056", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-16056", }, ], release_date: "2018-07-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "python: email.utils.parseaddr wrongly parses email addresses", }, { cve: "CVE-2019-17041", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2019-10-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1766693", }, ], notes: [ { category: "description", text: "An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a heap overflow in the parser for AIX log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon) but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow.", title: "Vulnerability description", }, { category: "summary", text: "rsyslog: heap-based overflow in contrib/pmaixforwardedfrom/pmaixforwardedfrom.c", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-17041", }, { category: "external", summary: "RHBZ#1766693", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1766693", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-17041", url: "https://www.cve.org/CVERecord?id=CVE-2019-17041", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-17041", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-17041", }, ], release_date: "2019-09-30T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "rsyslog: heap-based overflow in contrib/pmaixforwardedfrom/pmaixforwardedfrom.c", }, { cve: "CVE-2019-17042", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2019-10-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1766700", }, ], notes: [ { category: "description", text: "An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon), but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow.", title: "Vulnerability description", }, { category: "summary", text: "rsyslog: heap-based overflow in contrib/pmcisconames/pmcisconames.c", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-17042", }, { category: "external", summary: "RHBZ#1766700", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1766700", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-17042", url: "https://www.cve.org/CVERecord?id=CVE-2019-17042", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-17042", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-17042", }, ], release_date: "2019-10-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "rsyslog: heap-based overflow in contrib/pmcisconames/pmcisconames.c", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1734", cwe: { id: "CWE-78", name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", }, discovery_date: "2019-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1801804", }, ], notes: [ { category: "description", text: "A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by overwriting the ansible facts.", title: "Vulnerability description", }, { category: "summary", text: "ansible: shell enabled by default in a pipe lookup plugin subprocess", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1734", }, { category: "external", summary: "RHBZ#1801804", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1801804", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1734", url: "https://www.cve.org/CVERecord?id=CVE-2020-1734", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1734", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1734", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "This issue can be avoided by escaping variables which are used in the lookup.", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ansible: shell enabled by default in a pipe lookup plugin subprocess", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1735", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802085", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node.", title: "Vulnerability description", }, { category: "summary", text: "ansible: path injection on dest parameter in fetch module", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1735", }, { category: "external", summary: "RHBZ#1802085", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802085", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1735", url: "https://www.cve.org/CVERecord?id=CVE-2020-1735", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1735", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1735", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except avoid using the affected fetch module when possible.", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.2, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ansible: path injection on dest parameter in fetch module", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1736", cwe: { id: "CWE-732", name: "Incorrect Permission Assignment for Critical Resource", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802124", }, ], notes: [ { category: "description", text: "A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions before the move. This issue affects only the newly created files and not existing ones. If the file already exists at the final destination, those permissions are retained. This could lead to the disclosure of sensitive data.", title: "Vulnerability description", }, { category: "summary", text: "ansible: atomic_move primitive sets permissive permissions", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.8.14 and 2.9.12 as well as previous versions and all 2.7.x versions are affected.\n\nAnsible Tower 3.6.5 and 3.7.2 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1736", }, { category: "external", summary: "RHBZ#1802124", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802124", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1736", url: "https://www.cve.org/CVERecord?id=CVE-2020-1736", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1736", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1736", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "This issue can be mitigated by specifying the \"mode\" on the task. That just leaves a race condition in place where newly created files that specify a mode in the task briefly go from 666 - umask to the final mode. An alternative workaround if many new files are created and to avoid setting a specific mode for each file would be to set the \"mode\" to \"preserve\" value. That will maintain the permissions of the source file on the controller in the final file on the managed host.", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 2.2, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: atomic_move primitive sets permissive permissions", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1737", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2020-02-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802154", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal.", title: "Vulnerability description", }, { category: "summary", text: "ansible: Extract-Zip function in win_unzip module does not check extracted path", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1737", }, { category: "external", summary: "RHBZ#1802154", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802154", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1737", url: "https://www.cve.org/CVERecord?id=CVE-2020-1737", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1737", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1737", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except avoid using the affected win_unzip module when possible.", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ansible: Extract-Zip function in win_unzip module does not check extracted path", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1738", cwe: { id: "CWE-88", name: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802164", }, ], notes: [ { category: "description", text: "A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file.", title: "Vulnerability description", }, { category: "summary", text: "ansible: module package can be selected by the ansible facts", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1738", }, { category: "external", summary: "RHBZ#1802164", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802164", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1738", url: "https://www.cve.org/CVERecord?id=CVE-2020-1738", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1738", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1738", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "Specify the parameter 'use' when possible on the package and service modules. Avoid using Ansible Collections on Ansible 2.8.9 or 2.7.16 (and any of the previous versions) as they are not rejecting python with no path (already fixed in 2.9.x).", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 3.9, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: module package can be selected by the ansible facts", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1739", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802178", }, ], notes: [ { category: "description", text: "A flaw was found in Ansible Engine. When a password is set with the argument \"password\" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs.", title: "Vulnerability description", }, { category: "summary", text: "ansible: svn module leaks password when specified as a parameter", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1739", }, { category: "external", summary: "RHBZ#1802178", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802178", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1739", url: "https://www.cve.org/CVERecord?id=CVE-2020-1739", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1739", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1739", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "Instead of using the parameter 'password' of the subversion module, provide the password with stdin.", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.9, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: svn module leaks password when specified as a parameter", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1740", cwe: { id: "CWE-377", name: "Insecure Temporary File", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802193", }, ], notes: [ { category: "description", text: "A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes \"ansible-vault edit\", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely.", title: "Vulnerability description", }, { category: "summary", text: "ansible: secrets readable after ansible-vault edit", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1740", }, { category: "external", summary: "RHBZ#1802193", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802193", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1740", url: "https://www.cve.org/CVERecord?id=CVE-2020-1740", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1740", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1740", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except avoid using the 'edit' option from 'ansible-vault' command line tool.", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.9, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: secrets readable after ansible-vault edit", }, { acknowledgments: [ { names: [ "Felix Fountein", ], }, ], cve: "CVE-2020-1746", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2019-12-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1805491", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine when the ldap_attr and ldap_entry community modules are used. The issue discloses the LDAP bind password to stdout or a log file if a playbook task is written using the bind_pw in the parameters field. The highest threat from this vulnerability is data confidentiality.", title: "Vulnerability description", }, { category: "summary", text: "ansible: Information disclosure issue in ldap_attr and ldap_entry modules", title: "Vulnerability summary", }, { category: "other", text: "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\n* Red Hat Gluster Storage and Red Hat Ceph Storage no longer maintains their own version of Ansible. The fix will be provided from core Ansible. But we still ship ansible separately for ceph ubuntu.\n\n* In Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1746", }, { category: "external", summary: "RHBZ#1805491", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1805491", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1746", url: "https://www.cve.org/CVERecord?id=CVE-2020-1746", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1746", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1746", }, ], release_date: "2020-02-28T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "Using args keyword and embedding the ldap_auth variable instead of using bind_pw parameter would mitigate this issue.", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: Information disclosure issue in ldap_attr and ldap_entry modules", }, { acknowledgments: [ { names: [ "Abhijeet Kasurde", ], organization: "Red Hat", summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2020-1753", cwe: { id: "CWE-532", name: "Insertion of Sensitive Information into Log File", }, discovery_date: "2020-03-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1811008", }, ], notes: [ { category: "description", text: "A security flaw was found in the Ansible Engine when managing Kubernetes using the k8s connection plugin. Sensitive parameters such as passwords and tokens are passed to the kubectl command line instead of using environment variables or an input configuration file, which is safer. This flaw discloses passwords and tokens from the process list, and the no_log directive from the debug module would not be reflected in the underlying command-line tools options, displaying passwords and tokens on stdout and log files.", title: "Vulnerability description", }, { category: "summary", text: "Ansible: kubectl connection plugin leaks sensitive information", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.17, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1753", }, { category: "external", summary: "RHBZ#1811008", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1811008", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1753", url: "https://www.cve.org/CVERecord?id=CVE-2020-1753", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1753", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1753", }, ], release_date: "2020-03-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "Currently, there is no mitigation for this issue.", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Ansible: kubectl connection plugin leaks sensitive information", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-10684", cwe: { id: "CWE-862", name: "Missing Authorization", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1815519", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine. When using ansible_facts as a subkey of itself, and promoting it to a variable when injecting is enabled, overwriting the ansible_facts after the clean, an attacker could take advantage of this by altering the ansible_facts leading to privilege escalation or code injection. The highest threat from this vulnerability are to data integrity and system availability.", title: "Vulnerability description", }, { category: "summary", text: "Ansible: code injection when using ansible_facts as a subkey", title: "Vulnerability summary", }, { category: "other", text: "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n* Red Hat Gluster Storage and Red Hat Ceph Storage no longer maintains their own version of Ansible. The fix will be consumed from core Ansible. But we still ship ansible separately for ceph ubuntu.\n* Red Hat OpenStack Platform does package the affected code. However, because RHOSP does not use ansible_facts as a subkey directly, the RHOSP impact has been reduced to Moderate and no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-10684", }, { category: "external", summary: "RHBZ#1815519", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1815519", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-10684", url: "https://www.cve.org/CVERecord?id=CVE-2020-10684", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-10684", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-10684", }, ], release_date: "2020-03-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "Currently, there is not a known mitigation except avoiding the functionality of using ansible_facts as a subkey.", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.9, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "Ansible: code injection when using ansible_facts as a subkey", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-10685", cwe: { id: "CWE-459", name: "Incomplete Cleanup", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1814627", }, ], notes: [ { category: "description", text: "A flaw was found on Ansible Engine when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory is created in /tmp leaves the secrets unencrypted.\r\n\r\nOn Operating Systems which /tmp is not a tmpfs but part of the root partition, the directory is only cleared on boot and the decrypted data remains when the host is switched off. The system will be vulnerable when the system is not running. So decrypted data must be cleared as soon as possible and the data which normally is encrypted is sensible.", title: "Vulnerability description", }, { category: "summary", text: "Ansible: modules which use files encrypted with vault are not properly cleaned up", title: "Vulnerability summary", }, { category: "other", text: "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\n* In Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-10685", }, { category: "external", summary: "RHBZ#1814627", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1814627", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-10685", url: "https://www.cve.org/CVERecord?id=CVE-2020-10685", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-10685", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-10685", }, ], release_date: "2020-03-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except by removing manually the temporary created file after every run.", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Ansible: modules which use files encrypted with vault are not properly cleaned up", }, ], }
rhsa-2020:1541
Vulnerability from csaf_redhat
Published
2020-04-22 14:10
Modified
2025-03-19 15:12
Summary
Red Hat Security Advisory: Ansible security and bug fix update (2.9.7)
Notes
Topic
An update for ansible is now available for Ansible Engine 2.9
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details
Ansible is a simple model-driven configuration management, multi-node
deployment, and remote-task execution system. Ansible works over SSH and
does not require any software or daemons to be installed on remote nodes.
Extension modules can be written in any language and are transferred to
managed machines automatically.
The following packages have been upgraded to a newer upstream version:
ansible (2.9.7)
Bug Fix(es):
* CVE-2020-10684 Ansible: code injection when using ansible_facts as a
subkey
* CVE-2020-10685 Ansible: modules which use files encrypted with vault are
not properly cleaned up
* CVE-2020-10691 Ansible: archive traversal vulnerability in ansible-galaxy
collection install
* CVE-2020-1733 ansible: insecure temporary directory when running
become_user from become directive
* CVE-2020-1735 ansible: path injection on dest parameter in fetch module
* CVE-2020-1737 ansible: Extract-Zip function in win_unzip module does not
check extracted path
* CVE-2020-1739 ansible: svn module leaks password when specified as a
parameter
* CVE-2020-1740 ansible: secrets readable after ansible-vault edit
* CVE-2020-1746 ansible: Information disclosure issue in ldap_attr and
ldap_entry modules
* CVE-2020-1753 Ansible: kubectl connection plugin leaks sensitive
information
See:
https://github.com/ansible/ansible/blob/v2.9.7/changelogs/CHANGELOG-v2.9.rst
for details on bug fixes in this release.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for ansible is now available for Ansible Engine 2.9\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Ansible is a simple model-driven configuration management, multi-node\ndeployment, and remote-task execution system. Ansible works over SSH and\ndoes not require any software or daemons to be installed on remote nodes.\nExtension modules can be written in any language and are transferred to\nmanaged machines automatically.\n\nThe following packages have been upgraded to a newer upstream version:\nansible (2.9.7)\n\nBug Fix(es):\n* CVE-2020-10684 Ansible: code injection when using ansible_facts as a\nsubkey\n* CVE-2020-10685 Ansible: modules which use files encrypted with vault are\nnot properly cleaned up\n* CVE-2020-10691 Ansible: archive traversal vulnerability in ansible-galaxy\ncollection install\n* CVE-2020-1733 ansible: insecure temporary directory when running\nbecome_user from become directive\n* CVE-2020-1735 ansible: path injection on dest parameter in fetch module\n* CVE-2020-1737 ansible: Extract-Zip function in win_unzip module does not\ncheck extracted path\n* CVE-2020-1739 ansible: svn module leaks password when specified as a\nparameter\n* CVE-2020-1740 ansible: secrets readable after ansible-vault edit\n* CVE-2020-1746 ansible: Information disclosure issue in ldap_attr and\nldap_entry modules\n* CVE-2020-1753 Ansible: kubectl connection plugin leaks sensitive\ninformation\n\nSee:\nhttps://github.com/ansible/ansible/blob/v2.9.7/changelogs/CHANGELOG-v2.9.rst\nfor details on bug fixes in this release.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2020:1541", url: "https://access.redhat.com/errata/RHSA-2020:1541", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "1801735", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1801735", }, { category: "external", summary: "1802085", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802085", }, { category: "external", summary: "1802154", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802154", }, { category: "external", summary: "1802178", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802178", }, { category: "external", summary: "1802193", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802193", }, { category: "external", summary: "1805491", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1805491", }, { category: "external", summary: "1811008", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1811008", }, { category: "external", summary: "1814627", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1814627", }, { category: "external", summary: "1815519", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1815519", }, { category: "external", summary: "1817161", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1817161", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_1541.json", }, ], title: "Red Hat Security Advisory: Ansible security and bug fix update (2.9.7)", tracking: { current_release_date: "2025-03-19T15:12:50+00:00", generator: { date: "2025-03-19T15:12:50+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2020:1541", initial_release_date: "2020-04-22T14:10:47+00:00", revision_history: [ { date: "2020-04-22T14:10:47+00:00", number: "1", summary: "Initial version", }, { date: "2020-04-22T14:10:47+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-19T15:12:50+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Ansible Engine 2.9 for RHEL 7 Server", product: { name: "Red Hat Ansible Engine 2.9 for RHEL 7 Server", product_id: "7Server-Ansible-2.9", product_identification_helper: { cpe: "cpe:/a:redhat:ansible_engine:2.9::el7", }, }, }, { category: "product_name", name: "Red Hat Ansible Engine 2.9 for RHEL 8", product: { name: "Red Hat Ansible Engine 2.9 for RHEL 8", product_id: "8Base-Ansible-2.9", product_identification_helper: { cpe: "cpe:/a:redhat:ansible_engine:2.9::el8", }, }, }, ], category: "product_family", name: "Red Hat Ansible Engine", }, { branches: [ { category: "product_version", name: "ansible-0:2.9.7-1.el7ae.noarch", product: { name: "ansible-0:2.9.7-1.el7ae.noarch", product_id: "ansible-0:2.9.7-1.el7ae.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/ansible@2.9.7-1.el7ae?arch=noarch", }, }, }, { category: "product_version", name: "ansible-test-0:2.9.7-1.el7ae.noarch", product: { name: "ansible-test-0:2.9.7-1.el7ae.noarch", product_id: "ansible-test-0:2.9.7-1.el7ae.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/ansible-test@2.9.7-1.el7ae?arch=noarch", }, }, }, { category: "product_version", name: "ansible-0:2.9.7-1.el8ae.noarch", product: { name: "ansible-0:2.9.7-1.el8ae.noarch", product_id: "ansible-0:2.9.7-1.el8ae.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/ansible@2.9.7-1.el8ae?arch=noarch", }, }, }, { category: "product_version", name: "ansible-test-0:2.9.7-1.el8ae.noarch", product: { name: "ansible-test-0:2.9.7-1.el8ae.noarch", product_id: "ansible-test-0:2.9.7-1.el8ae.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/ansible-test@2.9.7-1.el8ae?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "ansible-0:2.9.7-1.el7ae.src", product: { name: "ansible-0:2.9.7-1.el7ae.src", product_id: "ansible-0:2.9.7-1.el7ae.src", product_identification_helper: { purl: "pkg:rpm/redhat/ansible@2.9.7-1.el7ae?arch=src", }, }, }, { category: "product_version", name: "ansible-0:2.9.7-1.el8ae.src", product: { name: "ansible-0:2.9.7-1.el8ae.src", product_id: "ansible-0:2.9.7-1.el8ae.src", product_identification_helper: { purl: "pkg:rpm/redhat/ansible@2.9.7-1.el8ae?arch=src", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ansible-0:2.9.7-1.el7ae.noarch as a component of Red Hat Ansible Engine 2.9 for RHEL 7 Server", product_id: "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", }, product_reference: "ansible-0:2.9.7-1.el7ae.noarch", relates_to_product_reference: "7Server-Ansible-2.9", }, { category: "default_component_of", full_product_name: { name: "ansible-0:2.9.7-1.el7ae.src as a component of Red Hat Ansible Engine 2.9 for RHEL 7 Server", product_id: "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", }, product_reference: "ansible-0:2.9.7-1.el7ae.src", relates_to_product_reference: "7Server-Ansible-2.9", }, { category: "default_component_of", full_product_name: { name: "ansible-test-0:2.9.7-1.el7ae.noarch as a component of Red Hat Ansible Engine 2.9 for RHEL 7 Server", product_id: "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", }, product_reference: "ansible-test-0:2.9.7-1.el7ae.noarch", relates_to_product_reference: "7Server-Ansible-2.9", }, { category: "default_component_of", full_product_name: { name: "ansible-0:2.9.7-1.el8ae.noarch as a component of Red Hat Ansible Engine 2.9 for RHEL 8", product_id: "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", }, product_reference: "ansible-0:2.9.7-1.el8ae.noarch", relates_to_product_reference: "8Base-Ansible-2.9", }, { category: "default_component_of", full_product_name: { name: "ansible-0:2.9.7-1.el8ae.src as a component of Red Hat Ansible Engine 2.9 for RHEL 8", product_id: "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", }, product_reference: "ansible-0:2.9.7-1.el8ae.src", relates_to_product_reference: "8Base-Ansible-2.9", }, { category: "default_component_of", full_product_name: { name: "ansible-test-0:2.9.7-1.el8ae.noarch as a component of Red Hat Ansible Engine 2.9 for RHEL 8", product_id: "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", }, product_reference: "ansible-test-0:2.9.7-1.el8ae.noarch", relates_to_product_reference: "8Base-Ansible-2.9", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1733", cwe: { id: "CWE-377", name: "Insecure Temporary File", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1801735", }, ], notes: [ { category: "description", text: "A race condition flaw was found in Ansible Engine when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with \"umask 77 && mkdir -p <dir>\"; this operation does not fail if the directory already exists and is owned by another user. An attacker could take advantage to gain control of the become user as the target directory can be retrieved by iterating '/proc/<pid>/cmdline'.", title: "Vulnerability description", }, { category: "summary", text: "ansible: insecure temporary directory when running become_user from become directive", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1733", }, { category: "external", summary: "RHBZ#1801735", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1801735", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1733", url: "https://www.cve.org/CVERecord?id=CVE-2020-1733", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1733", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1733", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:10:47+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1541", }, { category: "workaround", details: "This issue can be mitigated by mounting the proc filesystem with hidepid=2 option (https://www.kernel.org/doc/Documentation/filesystems/proc.txt). This way only the user used by Ansible will be able to perform the attack as users on the system will be able to access only their processes /proc/$PID/ directories.\n\nAlso note that mounting proc filesystem with hidepid=2 might require re-mounting it on unpatched kernels, due to a kernel bug (see https://unix.stackexchange.com/questions/584054/why-procfs-mount-option-only-working-on-remount), there will be hidepid=3 in the future (https://patchwork.kernel.org/patch/11310217/).", product_ids: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L", version: "3.1", }, products: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ansible: insecure temporary directory when running become_user from become directive", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1735", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802085", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node.", title: "Vulnerability description", }, { category: "summary", text: "ansible: path injection on dest parameter in fetch module", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1735", }, { category: "external", summary: "RHBZ#1802085", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802085", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1735", url: "https://www.cve.org/CVERecord?id=CVE-2020-1735", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1735", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1735", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:10:47+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1541", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except avoid using the affected fetch module when possible.", product_ids: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.2, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ansible: path injection on dest parameter in fetch module", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1737", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2020-02-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802154", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal.", title: "Vulnerability description", }, { category: "summary", text: "ansible: Extract-Zip function in win_unzip module does not check extracted path", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1737", }, { category: "external", summary: "RHBZ#1802154", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802154", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1737", url: "https://www.cve.org/CVERecord?id=CVE-2020-1737", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1737", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1737", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:10:47+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1541", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except avoid using the affected win_unzip module when possible.", product_ids: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ansible: Extract-Zip function in win_unzip module does not check extracted path", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1739", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802178", }, ], notes: [ { category: "description", text: "A flaw was found in Ansible Engine. When a password is set with the argument \"password\" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs.", title: "Vulnerability description", }, { category: "summary", text: "ansible: svn module leaks password when specified as a parameter", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1739", }, { category: "external", summary: "RHBZ#1802178", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802178", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1739", url: "https://www.cve.org/CVERecord?id=CVE-2020-1739", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1739", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1739", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:10:47+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1541", }, { category: "workaround", details: "Instead of using the parameter 'password' of the subversion module, provide the password with stdin.", product_ids: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.9, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: svn module leaks password when specified as a parameter", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1740", cwe: { id: "CWE-377", name: "Insecure Temporary File", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802193", }, ], notes: [ { category: "description", text: "A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes \"ansible-vault edit\", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely.", title: "Vulnerability description", }, { category: "summary", text: "ansible: secrets readable after ansible-vault edit", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1740", }, { category: "external", summary: "RHBZ#1802193", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802193", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1740", url: "https://www.cve.org/CVERecord?id=CVE-2020-1740", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1740", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1740", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:10:47+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1541", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except avoid using the 'edit' option from 'ansible-vault' command line tool.", product_ids: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.9, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: secrets readable after ansible-vault edit", }, { acknowledgments: [ { names: [ "Felix Fountein", ], }, ], cve: "CVE-2020-1746", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2019-12-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1805491", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine when the ldap_attr and ldap_entry community modules are used. The issue discloses the LDAP bind password to stdout or a log file if a playbook task is written using the bind_pw in the parameters field. The highest threat from this vulnerability is data confidentiality.", title: "Vulnerability description", }, { category: "summary", text: "ansible: Information disclosure issue in ldap_attr and ldap_entry modules", title: "Vulnerability summary", }, { category: "other", text: "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\n* Red Hat Gluster Storage and Red Hat Ceph Storage no longer maintains their own version of Ansible. The fix will be provided from core Ansible. But we still ship ansible separately for ceph ubuntu.\n\n* In Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1746", }, { category: "external", summary: "RHBZ#1805491", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1805491", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1746", url: "https://www.cve.org/CVERecord?id=CVE-2020-1746", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1746", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1746", }, ], release_date: "2020-02-28T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:10:47+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1541", }, { category: "workaround", details: "Using args keyword and embedding the ldap_auth variable instead of using bind_pw parameter would mitigate this issue.", product_ids: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: Information disclosure issue in ldap_attr and ldap_entry modules", }, { acknowledgments: [ { names: [ "Abhijeet Kasurde", ], organization: "Red Hat", summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2020-1753", cwe: { id: "CWE-532", name: "Insertion of Sensitive Information into Log File", }, discovery_date: "2020-03-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1811008", }, ], notes: [ { category: "description", text: "A security flaw was found in the Ansible Engine when managing Kubernetes using the k8s connection plugin. Sensitive parameters such as passwords and tokens are passed to the kubectl command line instead of using environment variables or an input configuration file, which is safer. This flaw discloses passwords and tokens from the process list, and the no_log directive from the debug module would not be reflected in the underlying command-line tools options, displaying passwords and tokens on stdout and log files.", title: "Vulnerability description", }, { category: "summary", text: "Ansible: kubectl connection plugin leaks sensitive information", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.17, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1753", }, { category: "external", summary: "RHBZ#1811008", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1811008", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1753", url: "https://www.cve.org/CVERecord?id=CVE-2020-1753", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1753", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1753", }, ], release_date: "2020-03-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:10:47+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1541", }, { category: "workaround", details: "Currently, there is no mitigation for this issue.", product_ids: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Ansible: kubectl connection plugin leaks sensitive information", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-10684", cwe: { id: "CWE-862", name: "Missing Authorization", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1815519", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine. When using ansible_facts as a subkey of itself, and promoting it to a variable when injecting is enabled, overwriting the ansible_facts after the clean, an attacker could take advantage of this by altering the ansible_facts leading to privilege escalation or code injection. The highest threat from this vulnerability are to data integrity and system availability.", title: "Vulnerability description", }, { category: "summary", text: "Ansible: code injection when using ansible_facts as a subkey", title: "Vulnerability summary", }, { category: "other", text: "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n* Red Hat Gluster Storage and Red Hat Ceph Storage no longer maintains their own version of Ansible. The fix will be consumed from core Ansible. But we still ship ansible separately for ceph ubuntu.\n* Red Hat OpenStack Platform does package the affected code. However, because RHOSP does not use ansible_facts as a subkey directly, the RHOSP impact has been reduced to Moderate and no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-10684", }, { category: "external", summary: "RHBZ#1815519", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1815519", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-10684", url: "https://www.cve.org/CVERecord?id=CVE-2020-10684", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-10684", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-10684", }, ], release_date: "2020-03-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:10:47+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1541", }, { category: "workaround", details: "Currently, there is not a known mitigation except avoiding the functionality of using ansible_facts as a subkey.", product_ids: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.9, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H", version: "3.1", }, products: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "Ansible: code injection when using ansible_facts as a subkey", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-10685", cwe: { id: "CWE-459", name: "Incomplete Cleanup", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1814627", }, ], notes: [ { category: "description", text: "A flaw was found on Ansible Engine when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory is created in /tmp leaves the secrets unencrypted.\r\n\r\nOn Operating Systems which /tmp is not a tmpfs but part of the root partition, the directory is only cleared on boot and the decrypted data remains when the host is switched off. The system will be vulnerable when the system is not running. So decrypted data must be cleared as soon as possible and the data which normally is encrypted is sensible.", title: "Vulnerability description", }, { category: "summary", text: "Ansible: modules which use files encrypted with vault are not properly cleaned up", title: "Vulnerability summary", }, { category: "other", text: "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\n* In Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-10685", }, { category: "external", summary: "RHBZ#1814627", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1814627", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-10685", url: "https://www.cve.org/CVERecord?id=CVE-2020-10685", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-10685", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-10685", }, ], release_date: "2020-03-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:10:47+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1541", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except by removing manually the temporary created file after every run.", product_ids: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Ansible: modules which use files encrypted with vault are not properly cleaned up", }, { acknowledgments: [ { names: [ "Felix Fountein", ], }, ], cve: "CVE-2020-10691", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2020-03-25T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1817161", }, ], notes: [ { category: "description", text: "An archive traversal flaw was found in Ansible Engine when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. An attacker could take advantage to overwrite any file within the system.", title: "Vulnerability description", }, { category: "summary", text: "Ansible: archive traversal vulnerability in ansible-galaxy collection install", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.9.6 as well as previous 2.9.x versions are affected. Ansible versions less than or equal to 2.8 are not affected by this vulnerability as this functionality was introduced on 2.9.\n\nAnsible Tower 3.6.3 as well as previous 3.6.x versions are affected as they use ansible-galaxy collections.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-10691", }, { category: "external", summary: "RHBZ#1817161", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1817161", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-10691", url: "https://www.cve.org/CVERecord?id=CVE-2020-10691", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-10691", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-10691", }, ], release_date: "2020-03-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:10:47+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1541", }, { category: "workaround", details: "A possible mitigation of archive traversal issue could be done by restricting file access control and directory write accesses for extracting tarball files. This is feasible only for scenarios when the destination path could be known and enforced beforehand.", product_ids: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 5.2, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L", version: "3.1", }, products: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Ansible: archive traversal vulnerability in ansible-galaxy collection install", }, ], }
rhba-2020_0547
Vulnerability from csaf_redhat
Published
2020-02-18 15:13
Modified
2024-11-22 14:26
Summary
Red Hat Bug Fix Advisory: Container Image Rebuild for Ansible Tower 3.4 Dependency
Notes
Topic
Container Image Rebuild for Ansible Tower 3.4 Dependency
Details
The ansible-tower-memcached container image has been updated for Red Hat Ansible Tower 3.4 for RHEL 7 to address security advisories:
RHSA-2019:2030
RHSA-2019:2118
RHSA-2019:2136
RHSA-2019:2197
RHSA-2019:2237
RHSA-2019:2304
RHSA-2019:4190
RHSA-2020:0227
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Container Image Rebuild for Ansible Tower 3.4 Dependency", title: "Topic", }, { category: "general", text: "The ansible-tower-memcached container image has been updated for Red Hat Ansible Tower 3.4 for RHEL 7 to address security advisories:\n\nRHSA-2019:2030\nRHSA-2019:2118\nRHSA-2019:2136\nRHSA-2019:2197\nRHSA-2019:2237\nRHSA-2019:2304\nRHSA-2019:4190\nRHSA-2020:0227", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHBA-2020:0547", url: "https://access.redhat.com/errata/RHBA-2020:0547", }, { category: "external", summary: "https://access.redhat.com/errata/RHSA-2019:2030", url: "https://access.redhat.com/errata/RHSA-2019:2030", }, { category: "external", summary: "https://access.redhat.com/errata/RHSA-2019:2118", url: "https://access.redhat.com/errata/RHSA-2019:2118", }, { category: "external", summary: "https://access.redhat.com/errata/RHSA-2019:2136", url: "https://access.redhat.com/errata/RHSA-2019:2136", }, { category: "external", summary: "https://access.redhat.com/errata/RHSA-2019:2197", url: "https://access.redhat.com/errata/RHSA-2019:2197", }, { category: "external", summary: "https://access.redhat.com/errata/RHSA-2019:2237", url: "https://access.redhat.com/errata/RHSA-2019:2237", }, { category: "external", summary: "https://access.redhat.com/errata/RHSA-2019:2304", url: "https://access.redhat.com/errata/RHSA-2019:2304", }, { category: "external", summary: "https://access.redhat.com/errata/RHSA-2019:4190", url: "https://access.redhat.com/errata/RHSA-2019:4190", }, { category: "external", summary: "https://access.redhat.com/errata/RHSA-2020:0227", url: "https://access.redhat.com/errata/RHSA-2020:0227", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhba-2020_0547.json", }, ], title: "Red Hat Bug Fix Advisory: Container Image Rebuild for Ansible Tower 3.4 Dependency", tracking: { current_release_date: "2024-11-22T14:26:18+00:00", generator: { date: "2024-11-22T14:26:18+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHBA-2020:0547", initial_release_date: "2020-02-18T15:13:57+00:00", revision_history: [ { date: "2020-02-18T15:13:57+00:00", number: "1", summary: "Initial version", }, { date: "2020-02-18T15:13:57+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T14:26:18+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Ansible Tower 3.4 for RHEL 7 Server", product: { name: "Red Hat Ansible Tower 3.4 for RHEL 7 Server", product_id: "7Server-Ansible-Tower-3.4", product_identification_helper: { cpe: "cpe:/a:redhat:ansible_tower:3.4::el7", }, }, }, ], category: "product_family", name: "Red Hat Ansible Tower", }, { branches: [ { category: "product_version", name: "ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", product: { name: "ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", product_id: "ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", product_identification_helper: { purl: "pkg:oci/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c?arch=amd64&repository_url=registry.redhat.io/ansible-tower-37/ansible-tower-memcached-rhel7&tag=1.4.15-28", }, }, }, { category: "product_version", name: "ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", product: { name: "ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", product_id: "ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", product_identification_helper: { purl: "pkg:oci/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c?arch=amd64&repository_url=registry.redhat.io/ansible-tower-35/ansible-tower-memcached&tag=1.4.15-28", }, }, }, { category: "product_version", name: "ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", product: { name: "ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", product_id: "ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", product_identification_helper: { purl: "pkg:oci/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c?arch=amd64&repository_url=registry.redhat.io/ansible-tower-34/ansible-tower-memcached&tag=1.4.15-28", }, }, }, ], category: "architecture", name: "amd64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64 as a component of Red Hat Ansible Tower 3.4 for RHEL 7 Server", product_id: "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", }, product_reference: "ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", relates_to_product_reference: "7Server-Ansible-Tower-3.4", }, { category: "default_component_of", full_product_name: { name: "ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64 as a component of Red Hat Ansible Tower 3.4 for RHEL 7 Server", product_id: "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", }, product_reference: "ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", relates_to_product_reference: "7Server-Ansible-Tower-3.4", }, { category: "default_component_of", full_product_name: { name: "ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64 as a component of Red Hat Ansible Tower 3.4 for RHEL 7 Server", product_id: "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", }, product_reference: "ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", relates_to_product_reference: "7Server-Ansible-Tower-3.4", }, ], }, vulnerabilities: [ { cve: "CVE-2016-10739", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2016-02-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1347549", }, ], notes: [ { category: "description", text: "In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.", title: "Vulnerability description", }, { category: "summary", text: "glibc: getaddrinfo should reject IP addresses with trailing characters", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-10739", }, { category: "external", summary: "RHBZ#1347549", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1347549", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-10739", url: "https://www.cve.org/CVERecord?id=CVE-2016-10739", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-10739", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-10739", }, ], release_date: "2016-04-28T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "glibc: getaddrinfo should reject IP addresses with trailing characters", }, { cve: "CVE-2018-0495", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2018-06-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1591163", }, ], notes: [ { category: "description", text: "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", title: "Vulnerability description", }, { category: "summary", text: "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", title: "Vulnerability summary", }, { category: "other", text: "Since the 5.8.3 release, Red Hat CloudForms no longer uses libtomcrypt.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-0495", }, { category: "external", summary: "RHBZ#1591163", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1591163", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-0495", url: "https://www.cve.org/CVERecord?id=CVE-2018-0495", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-0495", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-0495", }, { category: "external", summary: "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", url: "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", }, ], release_date: "2018-06-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.1, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", }, { cve: "CVE-2018-0734", cwe: { id: "CWE-385", name: "Covert Timing Channel", }, discovery_date: "2018-10-30T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1644364", }, ], notes: [ { category: "description", text: "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).", title: "Vulnerability description", }, { category: "summary", text: "openssl: timing side channel attack in the DSA signature algorithm", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-0734", }, { category: "external", summary: "RHBZ#1644364", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1644364", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-0734", url: "https://www.cve.org/CVERecord?id=CVE-2018-0734", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-0734", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-0734", }, ], release_date: "2018-10-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.1, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "openssl: timing side channel attack in the DSA signature algorithm", }, { acknowledgments: [ { names: [ "Qualys Research Labs", ], }, ], cve: "CVE-2018-1122", cwe: { id: "CWE-829", name: "Inclusion of Functionality from Untrusted Control Sphere", }, discovery_date: "2018-05-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1575466", }, ], notes: [ { category: "description", text: "If the HOME environment variable is unset or empty, top will read its configuration file from the current working directory without any security check. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.", title: "Vulnerability description", }, { category: "summary", text: "procps: Local privilege escalation in top", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-1122", }, { category: "external", summary: "RHBZ#1575466", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1575466", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-1122", url: "https://www.cve.org/CVERecord?id=CVE-2018-1122", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-1122", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-1122", }, { category: "external", summary: "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt", url: "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt", }, ], release_date: "2018-05-17T17:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "procps: Local privilege escalation in top", }, { cve: "CVE-2018-5818", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, discovery_date: "2018-12-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1661608", }, ], notes: [ { category: "description", text: "An error within the \"parse_rollei()\" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to trigger an infinite loop.", title: "Vulnerability description", }, { category: "summary", text: "LibRaw: DoS in parse_rollei function in internal/dcraw_common.cpp", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-5818", }, { category: "external", summary: "RHBZ#1661608", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1661608", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-5818", url: "https://www.cve.org/CVERecord?id=CVE-2018-5818", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-5818", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-5818", }, ], release_date: "2018-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "LibRaw: DoS in parse_rollei function in internal/dcraw_common.cpp", }, { cve: "CVE-2018-5819", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2018-12-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1661604", }, ], notes: [ { category: "description", text: "An error within the \"parse_sinar_ia()\" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to exhaust available CPU resources.", title: "Vulnerability description", }, { category: "summary", text: "LibRaw: DoS in parse_sinar_ia function in internal/dcraw_common.cpp", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-5819", }, { category: "external", summary: "RHBZ#1661604", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1661604", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-5819", url: "https://www.cve.org/CVERecord?id=CVE-2018-5819", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-5819", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-5819", }, ], release_date: "2018-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "LibRaw: DoS in parse_sinar_ia function in internal/dcraw_common.cpp", }, { cve: "CVE-2018-12404", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2018-12-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1657913", }, ], notes: [ { category: "description", text: "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.", title: "Vulnerability description", }, { category: "summary", text: "nss: Cache side-channel variant of the Bleichenbacher attack", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-12404", }, { category: "external", summary: "RHBZ#1657913", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1657913", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-12404", url: "https://www.cve.org/CVERecord?id=CVE-2018-12404", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-12404", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-12404", }, ], release_date: "2018-11-30T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "nss: Cache side-channel variant of the Bleichenbacher attack", }, { cve: "CVE-2018-12641", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2018-06-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1594410", }, ], notes: [ { category: "description", text: "An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_arm_hp_template, demangle_class_name, demangle_fund_type, do_type, do_arg, demangle_args, and demangle_nested_args. This can occur during execution of nm-new.", title: "Vulnerability description", }, { category: "summary", text: "binutils: Stack Exhaustion in the demangling functions provided by libiberty", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-12641", }, { category: "external", summary: "RHBZ#1594410", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1594410", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-12641", url: "https://www.cve.org/CVERecord?id=CVE-2018-12641", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-12641", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-12641", }, ], release_date: "2018-04-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "binutils: Stack Exhaustion in the demangling functions provided by libiberty", }, { cve: "CVE-2018-12697", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, discovery_date: "2018-06-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1595417", }, ], notes: [ { category: "description", text: "A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump.", title: "Vulnerability description", }, { category: "summary", text: "binutils: NULL pointer dereference in work_stuff_copy_to_from in cplus-dem.c.", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-12697", }, { category: "external", summary: "RHBZ#1595417", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1595417", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-12697", url: "https://www.cve.org/CVERecord?id=CVE-2018-12697", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-12697", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-12697", }, ], release_date: "2018-04-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "binutils: NULL pointer dereference in work_stuff_copy_to_from in cplus-dem.c.", }, { acknowledgments: [ { names: [ "the Curl project", ], }, { names: [ "Zhaoyang Wu", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2018-14618", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2018-08-27T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1622707", }, ], notes: [ { category: "description", text: "curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.)", title: "Vulnerability description", }, { category: "summary", text: "curl: NTLM password overflow via integer overflow", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14618", }, { category: "external", summary: "RHBZ#1622707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1622707", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14618", url: "https://www.cve.org/CVERecord?id=CVE-2018-14618", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14618", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14618", }, { category: "external", summary: "https://curl.haxx.se/docs/CVE-2018-14618.html", url: "https://curl.haxx.se/docs/CVE-2018-14618.html", }, ], release_date: "2018-09-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "curl: NTLM password overflow via integer overflow", }, { acknowledgments: [ { names: [ "the Python Security Response Team", ], }, ], cve: "CVE-2018-14647", cwe: { id: "CWE-335", name: "Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)", }, discovery_date: "2018-09-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1631822", }, ], notes: [ { category: "description", text: "Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by contructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM.", title: "Vulnerability description", }, { category: "summary", text: "python: Missing salt initialization in _elementtree.c module", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14647", }, { category: "external", summary: "RHBZ#1631822", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1631822", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14647", url: "https://www.cve.org/CVERecord?id=CVE-2018-14647", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14647", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14647", }, { category: "external", summary: "https://bugs.python.org/issue34623", url: "https://bugs.python.org/issue34623", }, ], release_date: "2018-09-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "python: Missing salt initialization in _elementtree.c module", }, { acknowledgments: [ { names: [ "Jann Horn", ], organization: "Google Project Zero", }, { names: [ "Ubuntu", ], }, ], cve: "CVE-2018-15686", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2018-10-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1639071", }, ], notes: [ { category: "description", text: "It was discovered that systemd is vulnerable to a state injection attack when deserializing the state of a service. Properties longer than LINE_MAX are not correctly parsed and an attacker may abuse this flaw in particularly configured services to inject, change, or corrupt the service state.", title: "Vulnerability description", }, { category: "summary", text: "systemd: line splitting via fgets() allows for state injection during daemon-reexec", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-15686", }, { category: "external", summary: "RHBZ#1639071", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1639071", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-15686", url: "https://www.cve.org/CVERecord?id=CVE-2018-15686", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-15686", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-15686", }, ], release_date: "2018-10-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 3.6, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "systemd: line splitting via fgets() allows for state injection during daemon-reexec", }, { cve: "CVE-2018-16062", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2018-08-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1623752", }, ], notes: [ { category: "description", text: "An out-of-bounds read was discovered in elfutils in the way it reads DWARF address ranges information. Function dwarf_getaranges() in dwarf_getaranges.c does not properly check whether it reads beyond the limits of the ELF section. An attacker could use this flaw to cause a denial of service via a crafted file.", title: "Vulnerability description", }, { category: "summary", text: "elfutils: Heap-based buffer over-read in libdw/dwarf_getaranges.c:dwarf_getaranges() via crafted file", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-16062", }, { category: "external", summary: "RHBZ#1623752", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1623752", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-16062", url: "https://www.cve.org/CVERecord?id=CVE-2018-16062", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-16062", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-16062", }, ], release_date: "2018-08-17T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "elfutils: Heap-based buffer over-read in libdw/dwarf_getaranges.c:dwarf_getaranges() via crafted file", }, { cve: "CVE-2018-16402", cwe: { id: "CWE-416", name: "Use After Free", }, discovery_date: "2018-09-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1625050", }, ], notes: [ { category: "description", text: "libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.", title: "Vulnerability description", }, { category: "summary", text: "elfutils: Double-free due to double decompression of sections in crafted ELF causes crash", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-16402", }, { category: "external", summary: "RHBZ#1625050", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1625050", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-16402", url: "https://www.cve.org/CVERecord?id=CVE-2018-16402", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-16402", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-16402", }, ], release_date: "2018-08-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "elfutils: Double-free due to double decompression of sections in crafted ELF causes crash", }, { cve: "CVE-2018-16403", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2018-09-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1625055", }, ], notes: [ { category: "description", text: "libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash.", title: "Vulnerability description", }, { category: "summary", text: "elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libwd/dwarf_hasattr.c causes crash", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-16403", }, { category: "external", summary: "RHBZ#1625055", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1625055", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-16403", url: "https://www.cve.org/CVERecord?id=CVE-2018-16403", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-16403", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-16403", }, ], release_date: "2018-08-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libwd/dwarf_hasattr.c causes crash", }, { acknowledgments: [ { names: [ "the Curl project", ], }, { names: [ "Brian Carpenter", ], organization: "Geeknik Labs", summary: "Acknowledged by upstream.", }, ], cve: "CVE-2018-16842", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2018-10-28T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1644124", }, ], notes: [ { category: "description", text: "Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.", title: "Vulnerability description", }, { category: "summary", text: "curl: Heap-based buffer over-read in the curl tool warning formatting", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-16842", }, { category: "external", summary: "RHBZ#1644124", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1644124", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-16842", url: "https://www.cve.org/CVERecord?id=CVE-2018-16842", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-16842", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-16842", }, { category: "external", summary: "https://curl.haxx.se/docs/CVE-2018-16842.html", url: "https://curl.haxx.se/docs/CVE-2018-16842.html", }, ], release_date: "2018-10-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 3.6, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "curl: Heap-based buffer over-read in the curl tool warning formatting", }, { acknowledgments: [ { names: [ "Qualys Research Labs", ], }, ], cve: "CVE-2018-16866", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2018-11-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1653867", }, ], notes: [ { category: "description", text: "An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data.", title: "Vulnerability description", }, { category: "summary", text: "systemd: out-of-bounds read when parsing a crafted syslog message", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the versions of systemd as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having a security impact of Moderate. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.\n\nRed Hat Virtualization Hypervisor and Management Appliance include vulnerable versions of systemd. However, since exploitation requires local access and impact is restricted to information disclosure, this flaw is rated as having a security issue of Low. Future updates may address this issue.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-16866", }, { category: "external", summary: "RHBZ#1653867", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1653867", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-16866", url: "https://www.cve.org/CVERecord?id=CVE-2018-16866", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-16866", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-16866", }, { category: "external", summary: "https://www.qualys.com/2019/01/09/system-down/system-down.txt", url: "https://www.qualys.com/2019/01/09/system-down/system-down.txt", }, ], release_date: "2019-01-09T18:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "systemd: out-of-bounds read when parsing a crafted syslog message", }, { cve: "CVE-2018-16888", cwe: { id: "CWE-250", name: "Execution with Unnecessary Privileges", }, discovery_date: "2019-01-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1662867", }, ], notes: [ { category: "description", text: "It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes.", title: "Vulnerability description", }, { category: "summary", text: "systemd: kills privileged process if unprivileged PIDFile was tampered", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-16888", }, { category: "external", summary: "RHBZ#1662867", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1662867", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-16888", url: "https://www.cve.org/CVERecord?id=CVE-2018-16888", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-16888", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-16888", }, ], release_date: "2017-08-17T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "systemd: kills privileged process if unprivileged PIDFile was tampered", }, { cve: "CVE-2018-18310", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2018-10-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1642604", }, ], notes: [ { category: "description", text: "An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.", title: "Vulnerability description", }, { category: "summary", text: "elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the versions of elfutils as shipped with Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-18310", }, { category: "external", summary: "RHBZ#1642604", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1642604", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-18310", url: "https://www.cve.org/CVERecord?id=CVE-2018-18310", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-18310", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-18310", }, ], release_date: "2018-10-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl", }, { cve: "CVE-2018-18520", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, discovery_date: "2018-10-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1646477", }, ], notes: [ { category: "description", text: "An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.", title: "Vulnerability description", }, { category: "summary", text: "elfutils: eu-size cannot handle recursive ar files", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the versions of elfutils as shipped with Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-18520", }, { category: "external", summary: "RHBZ#1646477", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1646477", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-18520", url: "https://www.cve.org/CVERecord?id=CVE-2018-18520", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-18520", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-18520", }, ], release_date: "2018-10-17T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "elfutils: eu-size cannot handle recursive ar files", }, { cve: "CVE-2018-18521", cwe: { id: "CWE-369", name: "Divide By Zero", }, discovery_date: "2018-10-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1646482", }, ], notes: [ { category: "description", text: "Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.", title: "Vulnerability description", }, { category: "summary", text: "elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the versions of elfutils as shipped with Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-18521", }, { category: "external", summary: "RHBZ#1646482", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1646482", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-18521", url: "https://www.cve.org/CVERecord?id=CVE-2018-18521", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-18521", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-18521", }, ], release_date: "2018-10-17T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c", }, { cve: "CVE-2018-20217", cwe: { id: "CWE-617", name: "Reachable Assertion", }, discovery_date: "2018-12-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1665296", }, ], notes: [ { category: "description", text: "A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request.", title: "Vulnerability description", }, { category: "summary", text: "krb5: Reachable assertion in the KDC using S4U2Self requests", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-20217", }, { category: "external", summary: "RHBZ#1665296", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1665296", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-20217", url: "https://www.cve.org/CVERecord?id=CVE-2018-20217", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-20217", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-20217", }, ], release_date: "2018-12-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "krb5: Reachable assertion in the KDC using S4U2Self requests", }, { cve: "CVE-2018-1000876", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2018-12-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1664699", }, ], notes: [ { category: "description", text: "binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code.. This attack appear to be exploitable via Local. This vulnerability appears to have been fixed in after commit 3a551c7a1b80fca579461774860574eabfd7f18f.", title: "Vulnerability description", }, { category: "summary", text: "binutils: integer overflow leads to heap-based buffer overflow in objdump", title: "Vulnerability summary", }, { category: "other", text: "The issue is classified as moderate severity primarily because of the unlikelihood of running a 32bit compiled objdump and/or having a compiled binary that uses 32bit compiled binutils libraries to analyze binaries from a not trusted source. Moreover, binutils does not handle privileged operations, meaning exploitation is unlikely to lead to system compromise or escalation of privileges. Additionally, the impact is localized to the application itself, without affecting the broader system or network security. \n\nAs per upstream binutils security policy this issue is not considered as a security flaw. Basically the key element of the policy that affects this is the understanding that analysis of untrusted binaries must always be done in a sandbox because the ELF format is open ended enough to make the analysis tools do anything, like including and processing arbitrary files. This eliminates the only possible vulnerability vector here, which is the possibility of a user being tricked into downloading and analyzing an untrusted ELF without sandboxing.\n\nSee the binutils security policy for more details:\nhttps://sourceware.org/cgit/binutils-gdb/tree/binutils/SECURITY.txt", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-1000876", }, { category: "external", summary: "RHBZ#1664699", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1664699", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-1000876", url: "https://www.cve.org/CVERecord?id=CVE-2018-1000876", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-1000876", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-1000876", }, ], release_date: "2018-12-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "binutils: integer overflow leads to heap-based buffer overflow in objdump", }, { cve: "CVE-2019-1559", cwe: { id: "CWE-325", name: "Missing Cryptographic Step", }, discovery_date: "2019-02-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1683804", }, ], notes: [ { category: "description", text: "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).", title: "Vulnerability description", }, { category: "summary", text: "openssl: 0-byte record padding oracle", title: "Vulnerability summary", }, { category: "other", text: "1 For this issue to be exploitable, the (server) application using the OpenSSL library needs to use it incorrectly.\n2. There are multiple other requirements for the attack to succeed: \n - The ciphersuite used must be obsolete CBC cipher without a stitched implementation (or the system be in FIPS mode)\n - the attacker has to be a MITM\n - the attacker has to be able to control the client side to send requests to the buggy server on demand", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-1559", }, { category: "external", summary: "RHBZ#1683804", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1683804", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-1559", url: "https://www.cve.org/CVERecord?id=CVE-2019-1559", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-1559", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-1559", }, { category: "external", summary: "https://github.com/RUB-NDS/TLS-Padding-Oracles", url: "https://github.com/RUB-NDS/TLS-Padding-Oracles", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20190226.txt", url: "https://www.openssl.org/news/secadv/20190226.txt", }, ], release_date: "2019-02-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, { category: "workaround", details: "As a workaround you can disable SHA384 if applications (compiled with OpenSSL) allow for adjustment of the ciphersuite string configuration.", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "openssl: 0-byte record padding oracle", }, { acknowledgments: [ { names: [ "the libssh2 project", ], }, { names: [ "Chris Coulson", ], organization: "Canonical Ltd.", summary: "Acknowledged by upstream.", }, ], cve: "CVE-2019-3858", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2019-03-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1687306", }, ], notes: [ { category: "description", text: "An out of bounds read flaw was discovered in libssh2 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a denial of service or read data in the client memory.", title: "Vulnerability description", }, { category: "summary", text: "libssh2: Zero-byte allocation with a specially crafted SFTP packed leading to an out-of-bounds read", title: "Vulnerability summary", }, { category: "other", text: "This flaw was present in libssh2 packages included in Red Hat Virtualization Hypervisor and Management Appliance, however libssh2 in these hosts is never exposed to malicious clients or servers.\n\nlibssh2 is no longer included in the virt module since Red Hat Enterprise Linux 8.1.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-3858", }, { category: "external", summary: "RHBZ#1687306", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1687306", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-3858", url: "https://www.cve.org/CVERecord?id=CVE-2019-3858", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-3858", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-3858", }, { category: "external", summary: "https://www.libssh2.org/CVE-2019-3858.html", url: "https://www.libssh2.org/CVE-2019-3858.html", }, ], release_date: "2019-03-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libssh2: Zero-byte allocation with a specially crafted SFTP packed leading to an out-of-bounds read", }, { acknowledgments: [ { names: [ "the libssh2 project", ], }, { names: [ "Chris Coulson", ], organization: "Canonical Ltd.", summary: "Acknowledged by upstream.", }, ], cve: "CVE-2019-3861", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2019-03-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1687311", }, ], notes: [ { category: "description", text: "An out of bounds read flaw was discovered in libssh2 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a denial of service or read data in the client memory.", title: "Vulnerability description", }, { category: "summary", text: "libssh2: Out-of-bounds reads with specially crafted SSH packets", title: "Vulnerability summary", }, { category: "other", text: "This flaw was present in libssh2 packages included in Red Hat Virtualization Hypervisor and Management Appliance, however libssh2 in these hosts is never exposed to malicious clients or servers.\n\nlibssh2 is no longer included in the virt module since Red Hat Enterprise Linux 8.1.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-3861", }, { category: "external", summary: "RHBZ#1687311", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1687311", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-3861", url: "https://www.cve.org/CVERecord?id=CVE-2019-3861", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-3861", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-3861", }, { category: "external", summary: "https://www.libssh2.org/CVE-2019-3861.html", url: "https://www.libssh2.org/CVE-2019-3861.html", }, ], release_date: "2019-03-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libssh2: Out-of-bounds reads with specially crafted SSH packets", }, { acknowledgments: [ { names: [ "the libssh2 project", ], }, { names: [ "Chris Coulson", ], organization: "Canonical Ltd.", summary: "Acknowledged by upstream.", }, ], cve: "CVE-2019-3862", cwe: { id: "CWE-130", name: "Improper Handling of Length Parameter Inconsistency", }, discovery_date: "2019-03-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1687312", }, ], notes: [ { category: "description", text: "An out of bounds read flaw was discovered in libssh2 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a denial of service or read data in the client memory.", title: "Vulnerability description", }, { category: "summary", text: "libssh2: Out-of-bounds memory comparison with specially crafted message channel request", title: "Vulnerability summary", }, { category: "other", text: "This flaw was present in libssh2 packages included in Red Hat Virtualization Hypervisor and Management Appliance, however libssh2 in these hosts is never exposed to malicious clients or servers.\n\nlibssh2 is no longer included in the virt module since Red Hat Enterprise Linux 8.1.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-3862", }, { category: "external", summary: "RHBZ#1687312", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1687312", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-3862", url: "https://www.cve.org/CVERecord?id=CVE-2019-3862", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-3862", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-3862", }, { category: "external", summary: "https://www.libssh2.org/CVE-2019-3862.html", url: "https://www.libssh2.org/CVE-2019-3862.html", }, ], release_date: "2019-03-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libssh2: Out-of-bounds memory comparison with specially crafted message channel request", }, { cve: "CVE-2019-5010", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, discovery_date: "2019-01-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1666519", }, ], notes: [ { category: "description", text: "A null pointer dereference vulnerability was found in the certificate parsing code in Python. This causes a denial of service to applications when parsing specially crafted certificates. This vulnerability is unlikely to be triggered if application enables SSL/TLS certificate validation and accepts certificates only from trusted root certificate authorities.", title: "Vulnerability description", }, { category: "summary", text: "python: NULL pointer dereference using a specially crafted X509 certificate", title: "Vulnerability summary", }, { category: "other", text: "This issue did not affect the versions of python as shipped with Red Hat Enterprise Linux 5 and 6.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-5010", }, { category: "external", summary: "RHBZ#1666519", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1666519", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-5010", url: "https://www.cve.org/CVERecord?id=CVE-2019-5010", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-5010", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-5010", }, { category: "external", summary: "https://python-security.readthedocs.io/vuln/ssl-crl-dps-dos.html", url: "https://python-security.readthedocs.io/vuln/ssl-crl-dps-dos.html", }, ], release_date: "2019-01-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "python: NULL pointer dereference using a specially crafted X509 certificate", }, { cve: "CVE-2019-7149", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2019-01-28T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1671443", }, ], notes: [ { category: "description", text: "A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm.", title: "Vulnerability description", }, { category: "summary", text: "elfutils: heap-based buffer over-read in read_srclines in dwarf_getsrclines.c in libdw", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-7149", }, { category: "external", summary: "RHBZ#1671443", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1671443", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-7149", url: "https://www.cve.org/CVERecord?id=CVE-2019-7149", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-7149", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-7149", }, ], release_date: "2019-01-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "elfutils: heap-based buffer over-read in read_srclines in dwarf_getsrclines.c in libdw", }, { cve: "CVE-2019-7150", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2019-01-28T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1671446", }, ], notes: [ { category: "description", text: "An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.", title: "Vulnerability description", }, { category: "summary", text: "elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-7150", }, { category: "external", summary: "RHBZ#1671446", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1671446", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-7150", url: "https://www.cve.org/CVERecord?id=CVE-2019-7150", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-7150", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-7150", }, ], release_date: "2018-10-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c", }, { cve: "CVE-2019-7664", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2019-02-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1677536", }, ], notes: [ { category: "description", text: "In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service (program crash).", title: "Vulnerability description", }, { category: "summary", text: "elfutils: out of bound write in elf_cvt_note in libelf/note_xlate.h", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-7664", }, { category: "external", summary: "RHBZ#1677536", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1677536", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-7664", url: "https://www.cve.org/CVERecord?id=CVE-2019-7664", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-7664", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-7664", }, ], release_date: "2019-01-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "elfutils: out of bound write in elf_cvt_note in libelf/note_xlate.h", }, { cve: "CVE-2019-7665", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2019-02-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1677538", }, ], notes: [ { category: "description", text: "In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.", title: "Vulnerability description", }, { category: "summary", text: "elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-7665", }, { category: "external", summary: "RHBZ#1677538", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1677538", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-7665", url: "https://www.cve.org/CVERecord?id=CVE-2019-7665", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-7665", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-7665", }, ], release_date: "2019-01-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c", }, { cve: "CVE-2019-9740", cwe: { id: "CWE-113", name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", }, discovery_date: "2019-03-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1688169", }, ], notes: [ { category: "description", text: "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.", title: "Vulnerability description", }, { category: "summary", text: "python: CRLF injection via the query part of the url passed to urlopen()", title: "Vulnerability summary", }, { category: "other", text: "This issue affects:\n* All current versions of Red Hat OpenStack Platform. However, version 8 is due to retire on the 20th of April 2019, there are no more planned releases prior to this date.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-9740", }, { category: "external", summary: "RHBZ#1688169", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1688169", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-9740", url: "https://www.cve.org/CVERecord?id=CVE-2019-9740", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-9740", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-9740", }, ], release_date: "2019-03-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "python: CRLF injection via the query part of the url passed to urlopen()", }, { cve: "CVE-2019-9947", cwe: { id: "CWE-113", name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", }, discovery_date: "2019-03-28T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1695572", }, ], notes: [ { category: "description", text: "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.", title: "Vulnerability description", }, { category: "summary", text: "python: CRLF injection via the path part of the url passed to urlopen()", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-9947", }, { category: "external", summary: "RHBZ#1695572", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1695572", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-9947", url: "https://www.cve.org/CVERecord?id=CVE-2019-9947", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-9947", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-9947", }, ], release_date: "2019-03-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "python: CRLF injection via the path part of the url passed to urlopen()", }, { cve: "CVE-2019-9948", cwe: { id: "CWE-749", name: "Exposed Dangerous Method or Function", }, discovery_date: "2019-03-28T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1695570", }, ], notes: [ { category: "description", text: "urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.", title: "Vulnerability description", }, { category: "summary", text: "python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-9948", }, { category: "external", summary: "RHBZ#1695570", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1695570", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-9948", url: "https://www.cve.org/CVERecord?id=CVE-2019-9948", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-9948", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-9948", }, ], release_date: "2019-03-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, { category: "workaround", details: "If your application uses a blacklist to prevent \"file://\" schema from being used, consider using a whitelist approach to just allow the schemas you want or add \"local_file://\" schema to your blacklist.", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms", }, { acknowledgments: [ { names: [ "the Mozilla project", ], }, { names: [ "Jonas Allmann", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2019-11729", cwe: { id: "CWE-120", name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", }, discovery_date: "2019-07-10T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1728437", }, ], notes: [ { category: "description", text: "Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.", title: "Vulnerability description", }, { category: "summary", text: "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", title: "Vulnerability summary", }, { category: "other", text: "Firefox on Red Hat Enterprise Linux is built against the system nss library.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-11729", }, { category: "external", summary: "RHBZ#1728437", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1728437", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-11729", url: "https://www.cve.org/CVERecord?id=CVE-2019-11729", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-11729", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-11729", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", }, ], release_date: "2019-07-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", }, { acknowledgments: [ { names: [ "the Mozilla Project", ], }, ], cve: "CVE-2019-11745", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2019-11-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1774831", }, ], notes: [ { category: "description", text: "A heap-based buffer overflow was found in the NSC_EncryptUpdate() function in Mozilla nss. A remote attacker could trigger this flaw via SRTP encrypt or decrypt operations, to execute arbitrary code with the permissions of the user running the application (compiled with nss). While the attack complexity is high, the impact to confidentiality, integrity, and availability are high as well.", title: "Vulnerability description", }, { category: "summary", text: "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", title: "Vulnerability summary", }, { category: "other", text: "Firefox and Thunderbird on Red Hat Enterprise Linux are built against the system nss library.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-11745", }, { category: "external", summary: "RHBZ#1774831", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1774831", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-11745", url: "https://www.cve.org/CVERecord?id=CVE-2019-11745", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-11745", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-11745", }, { category: "external", summary: "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", url: "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", }, { category: "external", summary: "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", url: "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", }, ], release_date: "2019-11-21T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", }, { cve: "CVE-2019-13734", discovery_date: "2019-12-10T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1781980", }, ], notes: [ { category: "description", text: "Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", title: "Vulnerability description", }, { category: "summary", text: "sqlite: fts3: improve shadow table corruption detection", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-13734", }, { category: "external", summary: "RHBZ#1781980", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1781980", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-13734", url: "https://www.cve.org/CVERecord?id=CVE-2019-13734", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-13734", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-13734", }, { category: "external", summary: "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", url: "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", }, ], release_date: "2019-12-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "sqlite: fts3: improve shadow table corruption detection", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1734", cwe: { id: "CWE-78", name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", }, discovery_date: "2019-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1801804", }, ], notes: [ { category: "description", text: "A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by overwriting the ansible facts.", title: "Vulnerability description", }, { category: "summary", text: "ansible: shell enabled by default in a pipe lookup plugin subprocess", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1734", }, { category: "external", summary: "RHBZ#1801804", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1801804", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1734", url: "https://www.cve.org/CVERecord?id=CVE-2020-1734", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1734", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1734", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, { category: "workaround", details: "This issue can be avoided by escaping variables which are used in the lookup.", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ansible: shell enabled by default in a pipe lookup plugin subprocess", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1735", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802085", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node.", title: "Vulnerability description", }, { category: "summary", text: "ansible: path injection on dest parameter in fetch module", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1735", }, { category: "external", summary: "RHBZ#1802085", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802085", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1735", url: "https://www.cve.org/CVERecord?id=CVE-2020-1735", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1735", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1735", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except avoid using the affected fetch module when possible.", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.2, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ansible: path injection on dest parameter in fetch module", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1736", cwe: { id: "CWE-732", name: "Incorrect Permission Assignment for Critical Resource", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802124", }, ], notes: [ { category: "description", text: "A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions before the move. This issue affects only the newly created files and not existing ones. If the file already exists at the final destination, those permissions are retained. This could lead to the disclosure of sensitive data.", title: "Vulnerability description", }, { category: "summary", text: "ansible: atomic_move primitive sets permissive permissions", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.8.14 and 2.9.12 as well as previous versions and all 2.7.x versions are affected.\n\nAnsible Tower 3.6.5 and 3.7.2 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1736", }, { category: "external", summary: "RHBZ#1802124", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802124", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1736", url: "https://www.cve.org/CVERecord?id=CVE-2020-1736", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1736", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1736", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, { category: "workaround", details: "This issue can be mitigated by specifying the \"mode\" on the task. That just leaves a race condition in place where newly created files that specify a mode in the task briefly go from 666 - umask to the final mode. An alternative workaround if many new files are created and to avoid setting a specific mode for each file would be to set the \"mode\" to \"preserve\" value. That will maintain the permissions of the source file on the controller in the final file on the managed host.", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 2.2, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: atomic_move primitive sets permissive permissions", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1737", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2020-02-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802154", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal.", title: "Vulnerability description", }, { category: "summary", text: "ansible: Extract-Zip function in win_unzip module does not check extracted path", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1737", }, { category: "external", summary: "RHBZ#1802154", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802154", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1737", url: "https://www.cve.org/CVERecord?id=CVE-2020-1737", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1737", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1737", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except avoid using the affected win_unzip module when possible.", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ansible: Extract-Zip function in win_unzip module does not check extracted path", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1738", cwe: { id: "CWE-88", name: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802164", }, ], notes: [ { category: "description", text: "A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file.", title: "Vulnerability description", }, { category: "summary", text: "ansible: module package can be selected by the ansible facts", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1738", }, { category: "external", summary: "RHBZ#1802164", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802164", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1738", url: "https://www.cve.org/CVERecord?id=CVE-2020-1738", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1738", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1738", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, { category: "workaround", details: "Specify the parameter 'use' when possible on the package and service modules. Avoid using Ansible Collections on Ansible 2.8.9 or 2.7.16 (and any of the previous versions) as they are not rejecting python with no path (already fixed in 2.9.x).", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 3.9, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: module package can be selected by the ansible facts", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1739", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802178", }, ], notes: [ { category: "description", text: "A flaw was found in Ansible Engine. When a password is set with the argument \"password\" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs.", title: "Vulnerability description", }, { category: "summary", text: "ansible: svn module leaks password when specified as a parameter", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1739", }, { category: "external", summary: "RHBZ#1802178", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802178", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1739", url: "https://www.cve.org/CVERecord?id=CVE-2020-1739", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1739", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1739", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, { category: "workaround", details: "Instead of using the parameter 'password' of the subversion module, provide the password with stdin.", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.9, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: svn module leaks password when specified as a parameter", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1740", cwe: { id: "CWE-377", name: "Insecure Temporary File", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802193", }, ], notes: [ { category: "description", text: "A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes \"ansible-vault edit\", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely.", title: "Vulnerability description", }, { category: "summary", text: "ansible: secrets readable after ansible-vault edit", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1740", }, { category: "external", summary: "RHBZ#1802193", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802193", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1740", url: "https://www.cve.org/CVERecord?id=CVE-2020-1740", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1740", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1740", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except avoid using the 'edit' option from 'ansible-vault' command line tool.", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.9, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: secrets readable after ansible-vault edit", }, { acknowledgments: [ { names: [ "Felix Fountein", ], }, ], cve: "CVE-2020-1746", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2019-12-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1805491", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine when the ldap_attr and ldap_entry community modules are used. The issue discloses the LDAP bind password to stdout or a log file if a playbook task is written using the bind_pw in the parameters field. The highest threat from this vulnerability is data confidentiality.", title: "Vulnerability description", }, { category: "summary", text: "ansible: Information disclosure issue in ldap_attr and ldap_entry modules", title: "Vulnerability summary", }, { category: "other", text: "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\n* Red Hat Gluster Storage and Red Hat Ceph Storage no longer maintains their own version of Ansible. The fix will be provided from core Ansible. But we still ship ansible separately for ceph ubuntu.\n\n* In Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1746", }, { category: "external", summary: "RHBZ#1805491", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1805491", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1746", url: "https://www.cve.org/CVERecord?id=CVE-2020-1746", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1746", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1746", }, ], release_date: "2020-02-28T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, { category: "workaround", details: "Using args keyword and embedding the ldap_auth variable instead of using bind_pw parameter would mitigate this issue.", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: Information disclosure issue in ldap_attr and ldap_entry modules", }, { acknowledgments: [ { names: [ "Abhijeet Kasurde", ], organization: "Red Hat", summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2020-1753", cwe: { id: "CWE-532", name: "Insertion of Sensitive Information into Log File", }, discovery_date: "2020-03-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1811008", }, ], notes: [ { category: "description", text: "A security flaw was found in the Ansible Engine when managing Kubernetes using the k8s connection plugin. Sensitive parameters such as passwords and tokens are passed to the kubectl command line instead of using environment variables or an input configuration file, which is safer. This flaw discloses passwords and tokens from the process list, and the no_log directive from the debug module would not be reflected in the underlying command-line tools options, displaying passwords and tokens on stdout and log files.", title: "Vulnerability description", }, { category: "summary", text: "Ansible: kubectl connection plugin leaks sensitive information", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.17, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1753", }, { category: "external", summary: "RHBZ#1811008", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1811008", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1753", url: "https://www.cve.org/CVERecord?id=CVE-2020-1753", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1753", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1753", }, ], release_date: "2020-03-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, { category: "workaround", details: "Currently, there is no mitigation for this issue.", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Ansible: kubectl connection plugin leaks sensitive information", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-10684", cwe: { id: "CWE-862", name: "Missing Authorization", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1815519", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine. When using ansible_facts as a subkey of itself, and promoting it to a variable when injecting is enabled, overwriting the ansible_facts after the clean, an attacker could take advantage of this by altering the ansible_facts leading to privilege escalation or code injection. The highest threat from this vulnerability are to data integrity and system availability.", title: "Vulnerability description", }, { category: "summary", text: "Ansible: code injection when using ansible_facts as a subkey", title: "Vulnerability summary", }, { category: "other", text: "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n* Red Hat Gluster Storage and Red Hat Ceph Storage no longer maintains their own version of Ansible. The fix will be consumed from core Ansible. But we still ship ansible separately for ceph ubuntu.\n* Red Hat OpenStack Platform does package the affected code. However, because RHOSP does not use ansible_facts as a subkey directly, the RHOSP impact has been reduced to Moderate and no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-10684", }, { category: "external", summary: "RHBZ#1815519", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1815519", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-10684", url: "https://www.cve.org/CVERecord?id=CVE-2020-10684", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-10684", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-10684", }, ], release_date: "2020-03-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, { category: "workaround", details: "Currently, there is not a known mitigation except avoiding the functionality of using ansible_facts as a subkey.", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.9, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "Ansible: code injection when using ansible_facts as a subkey", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-10685", cwe: { id: "CWE-459", name: "Incomplete Cleanup", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1814627", }, ], notes: [ { category: "description", text: "A flaw was found on Ansible Engine when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory is created in /tmp leaves the secrets unencrypted.\r\n\r\nOn Operating Systems which /tmp is not a tmpfs but part of the root partition, the directory is only cleared on boot and the decrypted data remains when the host is switched off. The system will be vulnerable when the system is not running. So decrypted data must be cleared as soon as possible and the data which normally is encrypted is sensible.", title: "Vulnerability description", }, { category: "summary", text: "Ansible: modules which use files encrypted with vault are not properly cleaned up", title: "Vulnerability summary", }, { category: "other", text: "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\n* In Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-10685", }, { category: "external", summary: "RHBZ#1814627", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1814627", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-10685", url: "https://www.cve.org/CVERecord?id=CVE-2020-10685", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-10685", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-10685", }, ], release_date: "2020-03-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except by removing manually the temporary created file after every run.", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Ansible: modules which use files encrypted with vault are not properly cleaned up", }, ], }
rhsa-2020:1544
Vulnerability from csaf_redhat
Published
2020-04-22 14:11
Modified
2024-11-15 08:28
Summary
Red Hat Security Advisory: Ansible security and bug fix update (2.7.17)
Notes
Topic
An update for ansible is now available for Ansible Engine 2.7
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details
Ansible is a simple model-driven configuration management, multi-node
deployment, and remote-task execution system. Ansible works over SSH and
does not require any software or daemons to be installed on remote nodes.
Extension modules can be written in any language and are transferred to
managed machines automatically.
The following packages have been upgraded to a newer upstream version:
ansible (2.7.17)
Bug Fix(es):
* CVE-2020-10684 Ansible: code injection when using ansible_facts as a
subkey
* CVE-2020-10685 Ansible: modules which use files encrypted with vault are
not properly cleaned up
* CVE-2020-1733 ansible: insecure temporary directory when running
become_user from become directive
* CVE-2020-1735 ansible: path injection on dest parameter in fetch module
* CVE-2020-1737 ansible: Extract-Zip function in win_unzip module does not
check extracted path
* CVE-2020-1739 ansible: svn module leaks password when specified as a
parameter
* CVE-2020-1740 ansible: secrets readable after ansible-vault edit
* CVE-2020-1746 ansible: Information disclosure issue in ldap_attr and
ldap_entry modules
See:
https://github.com/ansible/ansible/blob/v2.7.17/changelogs/CHANGELOG-v2.7.rst
for details on bug fixes in this release.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for ansible is now available for Ansible Engine 2.7\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Ansible is a simple model-driven configuration management, multi-node\ndeployment, and remote-task execution system. Ansible works over SSH and\ndoes not require any software or daemons to be installed on remote nodes.\nExtension modules can be written in any language and are transferred to\nmanaged machines automatically.\n\nThe following packages have been upgraded to a newer upstream version:\nansible (2.7.17)\n\nBug Fix(es):\n* CVE-2020-10684 Ansible: code injection when using ansible_facts as a\nsubkey\n* CVE-2020-10685 Ansible: modules which use files encrypted with vault are\nnot properly cleaned up\n* CVE-2020-1733 ansible: insecure temporary directory when running\nbecome_user from become directive\n* CVE-2020-1735 ansible: path injection on dest parameter in fetch module\n* CVE-2020-1737 ansible: Extract-Zip function in win_unzip module does not\ncheck extracted path\n* CVE-2020-1739 ansible: svn module leaks password when specified as a\nparameter\n* CVE-2020-1740 ansible: secrets readable after ansible-vault edit\n* CVE-2020-1746 ansible: Information disclosure issue in ldap_attr and\nldap_entry modules\n\nSee:\nhttps://github.com/ansible/ansible/blob/v2.7.17/changelogs/CHANGELOG-v2.7.rst\nfor details on bug fixes in this release.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2020:1544", url: "https://access.redhat.com/errata/RHSA-2020:1544", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "1801735", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1801735", }, { category: "external", summary: "1802085", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802085", }, { category: "external", summary: "1802154", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802154", }, { category: "external", summary: "1802178", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802178", }, { category: "external", summary: "1802193", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802193", }, { category: "external", summary: "1805491", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1805491", }, { category: "external", summary: "1814627", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1814627", }, { category: "external", summary: "1815519", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1815519", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_1544.json", }, ], title: "Red Hat Security Advisory: Ansible security and bug fix update (2.7.17)", tracking: { current_release_date: "2024-11-15T08:28:56+00:00", generator: { date: "2024-11-15T08:28:56+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2020:1544", initial_release_date: "2020-04-22T14:11:01+00:00", revision_history: [ { date: "2020-04-22T14:11:01+00:00", number: "1", summary: "Initial version", }, { date: "2020-04-22T14:11:01+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-15T08:28:56+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Ansible Engine 2.7 for RHEL 7 Server", product: { name: "Red Hat Ansible Engine 2.7 for RHEL 7 Server", product_id: "7Server-Ansible-2.7", product_identification_helper: { cpe: "cpe:/a:redhat:ansible_engine:2.7::el7", }, }, }, ], category: "product_family", name: "Red Hat Ansible Engine", }, { branches: [ { category: "product_version", name: "ansible-0:2.7.17-1.el7ae.noarch", product: { name: "ansible-0:2.7.17-1.el7ae.noarch", product_id: "ansible-0:2.7.17-1.el7ae.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/ansible@2.7.17-1.el7ae?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "ansible-0:2.7.17-1.el7ae.src", product: { name: "ansible-0:2.7.17-1.el7ae.src", product_id: "ansible-0:2.7.17-1.el7ae.src", product_identification_helper: { purl: "pkg:rpm/redhat/ansible@2.7.17-1.el7ae?arch=src", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ansible-0:2.7.17-1.el7ae.noarch as a component of Red Hat Ansible Engine 2.7 for RHEL 7 Server", product_id: "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", }, product_reference: "ansible-0:2.7.17-1.el7ae.noarch", relates_to_product_reference: "7Server-Ansible-2.7", }, { category: "default_component_of", full_product_name: { name: "ansible-0:2.7.17-1.el7ae.src as a component of Red Hat Ansible Engine 2.7 for RHEL 7 Server", product_id: "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", }, product_reference: "ansible-0:2.7.17-1.el7ae.src", relates_to_product_reference: "7Server-Ansible-2.7", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1733", cwe: { id: "CWE-377", name: "Insecure Temporary File", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1801735", }, ], notes: [ { category: "description", text: "A race condition flaw was found in Ansible Engine when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with \"umask 77 && mkdir -p <dir>\"; this operation does not fail if the directory already exists and is owned by another user. An attacker could take advantage to gain control of the become user as the target directory can be retrieved by iterating '/proc/<pid>/cmdline'.", title: "Vulnerability description", }, { category: "summary", text: "ansible: insecure temporary directory when running become_user from become directive", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1733", }, { category: "external", summary: "RHBZ#1801735", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1801735", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1733", url: "https://www.cve.org/CVERecord?id=CVE-2020-1733", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1733", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1733", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:11:01+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1544", }, { category: "workaround", details: "This issue can be mitigated by mounting the proc filesystem with hidepid=2 option (https://www.kernel.org/doc/Documentation/filesystems/proc.txt). This way only the user used by Ansible will be able to perform the attack as users on the system will be able to access only their processes /proc/$PID/ directories.\n\nAlso note that mounting proc filesystem with hidepid=2 might require re-mounting it on unpatched kernels, due to a kernel bug (see https://unix.stackexchange.com/questions/584054/why-procfs-mount-option-only-working-on-remount), there will be hidepid=3 in the future (https://patchwork.kernel.org/patch/11310217/).", product_ids: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L", version: "3.1", }, products: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ansible: insecure temporary directory when running become_user from become directive", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1735", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802085", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node.", title: "Vulnerability description", }, { category: "summary", text: "ansible: path injection on dest parameter in fetch module", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1735", }, { category: "external", summary: "RHBZ#1802085", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802085", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1735", url: "https://www.cve.org/CVERecord?id=CVE-2020-1735", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1735", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1735", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:11:01+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1544", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except avoid using the affected fetch module when possible.", product_ids: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.2, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ansible: path injection on dest parameter in fetch module", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1737", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2020-02-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802154", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal.", title: "Vulnerability description", }, { category: "summary", text: "ansible: Extract-Zip function in win_unzip module does not check extracted path", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1737", }, { category: "external", summary: "RHBZ#1802154", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802154", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1737", url: "https://www.cve.org/CVERecord?id=CVE-2020-1737", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1737", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1737", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:11:01+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1544", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except avoid using the affected win_unzip module when possible.", product_ids: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ansible: Extract-Zip function in win_unzip module does not check extracted path", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1739", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802178", }, ], notes: [ { category: "description", text: "A flaw was found in Ansible Engine. When a password is set with the argument \"password\" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs.", title: "Vulnerability description", }, { category: "summary", text: "ansible: svn module leaks password when specified as a parameter", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1739", }, { category: "external", summary: "RHBZ#1802178", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802178", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1739", url: "https://www.cve.org/CVERecord?id=CVE-2020-1739", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1739", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1739", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:11:01+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1544", }, { category: "workaround", details: "Instead of using the parameter 'password' of the subversion module, provide the password with stdin.", product_ids: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.9, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: svn module leaks password when specified as a parameter", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1740", cwe: { id: "CWE-377", name: "Insecure Temporary File", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802193", }, ], notes: [ { category: "description", text: "A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes \"ansible-vault edit\", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely.", title: "Vulnerability description", }, { category: "summary", text: "ansible: secrets readable after ansible-vault edit", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1740", }, { category: "external", summary: "RHBZ#1802193", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802193", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1740", url: "https://www.cve.org/CVERecord?id=CVE-2020-1740", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1740", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1740", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:11:01+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1544", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except avoid using the 'edit' option from 'ansible-vault' command line tool.", product_ids: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.9, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: secrets readable after ansible-vault edit", }, { acknowledgments: [ { names: [ "Felix Fountein", ], }, ], cve: "CVE-2020-1746", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2019-12-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1805491", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine when the ldap_attr and ldap_entry community modules are used. The issue discloses the LDAP bind password to stdout or a log file if a playbook task is written using the bind_pw in the parameters field. The highest threat from this vulnerability is data confidentiality.", title: "Vulnerability description", }, { category: "summary", text: "ansible: Information disclosure issue in ldap_attr and ldap_entry modules", title: "Vulnerability summary", }, { category: "other", text: "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\n* Red Hat Gluster Storage and Red Hat Ceph Storage no longer maintains their own version of Ansible. The fix will be provided from core Ansible. But we still ship ansible separately for ceph ubuntu.\n\n* In Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1746", }, { category: "external", summary: "RHBZ#1805491", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1805491", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1746", url: "https://www.cve.org/CVERecord?id=CVE-2020-1746", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1746", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1746", }, ], release_date: "2020-02-28T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:11:01+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1544", }, { category: "workaround", details: "Using args keyword and embedding the ldap_auth variable instead of using bind_pw parameter would mitigate this issue.", product_ids: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: Information disclosure issue in ldap_attr and ldap_entry modules", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-10684", cwe: { id: "CWE-862", name: "Missing Authorization", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1815519", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine. When using ansible_facts as a subkey of itself, and promoting it to a variable when injecting is enabled, overwriting the ansible_facts after the clean, an attacker could take advantage of this by altering the ansible_facts leading to privilege escalation or code injection. The highest threat from this vulnerability are to data integrity and system availability.", title: "Vulnerability description", }, { category: "summary", text: "Ansible: code injection when using ansible_facts as a subkey", title: "Vulnerability summary", }, { category: "other", text: "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n* Red Hat Gluster Storage and Red Hat Ceph Storage no longer maintains their own version of Ansible. The fix will be consumed from core Ansible. But we still ship ansible separately for ceph ubuntu.\n* Red Hat OpenStack Platform does package the affected code. However, because RHOSP does not use ansible_facts as a subkey directly, the RHOSP impact has been reduced to Moderate and no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-10684", }, { category: "external", summary: "RHBZ#1815519", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1815519", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-10684", url: "https://www.cve.org/CVERecord?id=CVE-2020-10684", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-10684", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-10684", }, ], release_date: "2020-03-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:11:01+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1544", }, { category: "workaround", details: "Currently, there is not a known mitigation except avoiding the functionality of using ansible_facts as a subkey.", product_ids: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.9, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H", version: "3.1", }, products: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "Ansible: code injection when using ansible_facts as a subkey", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-10685", cwe: { id: "CWE-459", name: "Incomplete Cleanup", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1814627", }, ], notes: [ { category: "description", text: "A flaw was found on Ansible Engine when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory is created in /tmp leaves the secrets unencrypted.\r\n\r\nOn Operating Systems which /tmp is not a tmpfs but part of the root partition, the directory is only cleared on boot and the decrypted data remains when the host is switched off. The system will be vulnerable when the system is not running. So decrypted data must be cleared as soon as possible and the data which normally is encrypted is sensible.", title: "Vulnerability description", }, { category: "summary", text: "Ansible: modules which use files encrypted with vault are not properly cleaned up", title: "Vulnerability summary", }, { category: "other", text: "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\n* In Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-10685", }, { category: "external", summary: "RHBZ#1814627", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1814627", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-10685", url: "https://www.cve.org/CVERecord?id=CVE-2020-10685", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-10685", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-10685", }, ], release_date: "2020-03-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:11:01+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1544", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except by removing manually the temporary created file after every run.", product_ids: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Ansible: modules which use files encrypted with vault are not properly cleaned up", }, ], }
rhsa-2020:1543
Vulnerability from csaf_redhat
Published
2020-04-22 14:11
Modified
2025-03-19 15:12
Summary
Red Hat Security Advisory: Ansible security and bug fix update (2.8.11)
Notes
Topic
An update for ansible is now available for Ansible Engine 2.8
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details
Ansible is a simple model-driven configuration management, multi-node
deployment, and remote-task execution system. Ansible works over SSH and
does not require any software or daemons to be installed on remote nodes.
Extension modules can be written in any language and are transferred to
managed machines automatically.
The following packages have been upgraded to a newer upstream version:
ansible (2.8.11)
Bug Fix(es):
* CVE-2020-10684 Ansible: code injection when using ansible_facts as a
subkey
* CVE-2020-10685 Ansible: modules which use files encrypted with vault are
not properly cleaned up
* CVE-2020-1733 ansible: insecure temporary directory when running
become_user from become directive
* CVE-2020-1735 ansible: path injection on dest parameter in fetch module
* CVE-2020-1737 ansible: Extract-Zip function in win_unzip module does not
check extracted path
* CVE-2020-1739 ansible: svn module leaks password when specified as a
parameter
* CVE-2020-1740 ansible: secrets readable after ansible-vault edit
* CVE-2020-1746 ansible: Information disclosure issue in ldap_attr and
ldap_entry modules
See:
https://github.com/ansible/ansible/blob/v2.8.11/changelogs/CHANGELOG-v2.8.rst
for details on bug fixes in this release.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for ansible is now available for Ansible Engine 2.8\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Ansible is a simple model-driven configuration management, multi-node\ndeployment, and remote-task execution system. Ansible works over SSH and\ndoes not require any software or daemons to be installed on remote nodes.\nExtension modules can be written in any language and are transferred to\nmanaged machines automatically.\n\nThe following packages have been upgraded to a newer upstream version:\nansible (2.8.11)\n\nBug Fix(es):\n* CVE-2020-10684 Ansible: code injection when using ansible_facts as a\nsubkey\n* CVE-2020-10685 Ansible: modules which use files encrypted with vault are\nnot properly cleaned up\n* CVE-2020-1733 ansible: insecure temporary directory when running\nbecome_user from become directive\n* CVE-2020-1735 ansible: path injection on dest parameter in fetch module\n* CVE-2020-1737 ansible: Extract-Zip function in win_unzip module does not\ncheck extracted path\n* CVE-2020-1739 ansible: svn module leaks password when specified as a\nparameter\n* CVE-2020-1740 ansible: secrets readable after ansible-vault edit\n* CVE-2020-1746 ansible: Information disclosure issue in ldap_attr and\nldap_entry modules\n\nSee:\nhttps://github.com/ansible/ansible/blob/v2.8.11/changelogs/CHANGELOG-v2.8.rst\nfor details on bug fixes in this release.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2020:1543", url: "https://access.redhat.com/errata/RHSA-2020:1543", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "1801735", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1801735", }, { category: "external", summary: "1802085", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802085", }, { category: "external", summary: "1802154", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802154", }, { category: "external", summary: "1802178", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802178", }, { category: "external", summary: "1802193", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802193", }, { category: "external", summary: "1805491", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1805491", }, { category: "external", summary: "1814627", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1814627", }, { category: "external", summary: "1815519", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1815519", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_1543.json", }, ], title: "Red Hat Security Advisory: Ansible security and bug fix update (2.8.11)", tracking: { current_release_date: "2025-03-19T15:12:49+00:00", generator: { date: "2025-03-19T15:12:49+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2020:1543", initial_release_date: "2020-04-22T14:11:07+00:00", revision_history: [ { date: "2020-04-22T14:11:07+00:00", number: "1", summary: "Initial version", }, { date: "2020-04-22T14:11:07+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-19T15:12:49+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Ansible Engine 2.8 for RHEL 7 Server", product: { name: "Red Hat Ansible Engine 2.8 for RHEL 7 Server", product_id: "7Server-Ansible-2.8", product_identification_helper: { cpe: "cpe:/a:redhat:ansible_engine:2.8::el7", }, }, }, { category: "product_name", name: "Red Hat Ansible Engine 2.8 for RHEL 8", product: { name: "Red Hat Ansible Engine 2.8 for RHEL 8", product_id: "8Base-Ansible-2.8", product_identification_helper: { cpe: "cpe:/a:redhat:ansible_engine:2.8::el8", }, }, }, ], category: "product_family", name: "Red Hat Ansible Engine", }, { branches: [ { category: "product_version", name: "ansible-0:2.8.11-1.el7ae.noarch", product: { name: "ansible-0:2.8.11-1.el7ae.noarch", product_id: "ansible-0:2.8.11-1.el7ae.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/ansible@2.8.11-1.el7ae?arch=noarch", }, }, }, { category: "product_version", name: "ansible-0:2.8.11-1.el8ae.noarch", product: { name: "ansible-0:2.8.11-1.el8ae.noarch", product_id: "ansible-0:2.8.11-1.el8ae.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/ansible@2.8.11-1.el8ae?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "ansible-0:2.8.11-1.el7ae.src", product: { name: "ansible-0:2.8.11-1.el7ae.src", product_id: "ansible-0:2.8.11-1.el7ae.src", product_identification_helper: { purl: "pkg:rpm/redhat/ansible@2.8.11-1.el7ae?arch=src", }, }, }, { category: "product_version", name: "ansible-0:2.8.11-1.el8ae.src", product: { name: "ansible-0:2.8.11-1.el8ae.src", product_id: "ansible-0:2.8.11-1.el8ae.src", product_identification_helper: { purl: "pkg:rpm/redhat/ansible@2.8.11-1.el8ae?arch=src", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ansible-0:2.8.11-1.el7ae.noarch as a component of Red Hat Ansible Engine 2.8 for RHEL 7 Server", product_id: "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", }, product_reference: "ansible-0:2.8.11-1.el7ae.noarch", relates_to_product_reference: "7Server-Ansible-2.8", }, { category: "default_component_of", full_product_name: { name: "ansible-0:2.8.11-1.el7ae.src as a component of Red Hat Ansible Engine 2.8 for RHEL 7 Server", product_id: "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", }, product_reference: "ansible-0:2.8.11-1.el7ae.src", relates_to_product_reference: "7Server-Ansible-2.8", }, { category: "default_component_of", full_product_name: { name: "ansible-0:2.8.11-1.el8ae.noarch as a component of Red Hat Ansible Engine 2.8 for RHEL 8", product_id: "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", }, product_reference: "ansible-0:2.8.11-1.el8ae.noarch", relates_to_product_reference: "8Base-Ansible-2.8", }, { category: "default_component_of", full_product_name: { name: "ansible-0:2.8.11-1.el8ae.src as a component of Red Hat Ansible Engine 2.8 for RHEL 8", product_id: "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", }, product_reference: "ansible-0:2.8.11-1.el8ae.src", relates_to_product_reference: "8Base-Ansible-2.8", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1733", cwe: { id: "CWE-377", name: "Insecure Temporary File", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1801735", }, ], notes: [ { category: "description", text: "A race condition flaw was found in Ansible Engine when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with \"umask 77 && mkdir -p <dir>\"; this operation does not fail if the directory already exists and is owned by another user. An attacker could take advantage to gain control of the become user as the target directory can be retrieved by iterating '/proc/<pid>/cmdline'.", title: "Vulnerability description", }, { category: "summary", text: "ansible: insecure temporary directory when running become_user from become directive", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1733", }, { category: "external", summary: "RHBZ#1801735", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1801735", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1733", url: "https://www.cve.org/CVERecord?id=CVE-2020-1733", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1733", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1733", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:11:07+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1543", }, { category: "workaround", details: "This issue can be mitigated by mounting the proc filesystem with hidepid=2 option (https://www.kernel.org/doc/Documentation/filesystems/proc.txt). This way only the user used by Ansible will be able to perform the attack as users on the system will be able to access only their processes /proc/$PID/ directories.\n\nAlso note that mounting proc filesystem with hidepid=2 might require re-mounting it on unpatched kernels, due to a kernel bug (see https://unix.stackexchange.com/questions/584054/why-procfs-mount-option-only-working-on-remount), there will be hidepid=3 in the future (https://patchwork.kernel.org/patch/11310217/).", product_ids: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L", version: "3.1", }, products: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ansible: insecure temporary directory when running become_user from become directive", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1735", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802085", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node.", title: "Vulnerability description", }, { category: "summary", text: "ansible: path injection on dest parameter in fetch module", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1735", }, { category: "external", summary: "RHBZ#1802085", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802085", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1735", url: "https://www.cve.org/CVERecord?id=CVE-2020-1735", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1735", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1735", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:11:07+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1543", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except avoid using the affected fetch module when possible.", product_ids: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.2, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ansible: path injection on dest parameter in fetch module", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1737", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2020-02-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802154", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal.", title: "Vulnerability description", }, { category: "summary", text: "ansible: Extract-Zip function in win_unzip module does not check extracted path", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1737", }, { category: "external", summary: "RHBZ#1802154", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802154", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1737", url: "https://www.cve.org/CVERecord?id=CVE-2020-1737", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1737", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1737", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:11:07+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1543", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except avoid using the affected win_unzip module when possible.", product_ids: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ansible: Extract-Zip function in win_unzip module does not check extracted path", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1739", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802178", }, ], notes: [ { category: "description", text: "A flaw was found in Ansible Engine. When a password is set with the argument \"password\" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs.", title: "Vulnerability description", }, { category: "summary", text: "ansible: svn module leaks password when specified as a parameter", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1739", }, { category: "external", summary: "RHBZ#1802178", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802178", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1739", url: "https://www.cve.org/CVERecord?id=CVE-2020-1739", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1739", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1739", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:11:07+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1543", }, { category: "workaround", details: "Instead of using the parameter 'password' of the subversion module, provide the password with stdin.", product_ids: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.9, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: svn module leaks password when specified as a parameter", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1740", cwe: { id: "CWE-377", name: "Insecure Temporary File", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802193", }, ], notes: [ { category: "description", text: "A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes \"ansible-vault edit\", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely.", title: "Vulnerability description", }, { category: "summary", text: "ansible: secrets readable after ansible-vault edit", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1740", }, { category: "external", summary: "RHBZ#1802193", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802193", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1740", url: "https://www.cve.org/CVERecord?id=CVE-2020-1740", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1740", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1740", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:11:07+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1543", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except avoid using the 'edit' option from 'ansible-vault' command line tool.", product_ids: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.9, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: secrets readable after ansible-vault edit", }, { acknowledgments: [ { names: [ "Felix Fountein", ], }, ], cve: "CVE-2020-1746", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2019-12-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1805491", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine when the ldap_attr and ldap_entry community modules are used. The issue discloses the LDAP bind password to stdout or a log file if a playbook task is written using the bind_pw in the parameters field. The highest threat from this vulnerability is data confidentiality.", title: "Vulnerability description", }, { category: "summary", text: "ansible: Information disclosure issue in ldap_attr and ldap_entry modules", title: "Vulnerability summary", }, { category: "other", text: "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\n* Red Hat Gluster Storage and Red Hat Ceph Storage no longer maintains their own version of Ansible. The fix will be provided from core Ansible. But we still ship ansible separately for ceph ubuntu.\n\n* In Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1746", }, { category: "external", summary: "RHBZ#1805491", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1805491", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1746", url: "https://www.cve.org/CVERecord?id=CVE-2020-1746", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1746", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1746", }, ], release_date: "2020-02-28T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:11:07+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1543", }, { category: "workaround", details: "Using args keyword and embedding the ldap_auth variable instead of using bind_pw parameter would mitigate this issue.", product_ids: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: Information disclosure issue in ldap_attr and ldap_entry modules", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-10684", cwe: { id: "CWE-862", name: "Missing Authorization", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1815519", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine. When using ansible_facts as a subkey of itself, and promoting it to a variable when injecting is enabled, overwriting the ansible_facts after the clean, an attacker could take advantage of this by altering the ansible_facts leading to privilege escalation or code injection. The highest threat from this vulnerability are to data integrity and system availability.", title: "Vulnerability description", }, { category: "summary", text: "Ansible: code injection when using ansible_facts as a subkey", title: "Vulnerability summary", }, { category: "other", text: "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n* Red Hat Gluster Storage and Red Hat Ceph Storage no longer maintains their own version of Ansible. The fix will be consumed from core Ansible. But we still ship ansible separately for ceph ubuntu.\n* Red Hat OpenStack Platform does package the affected code. However, because RHOSP does not use ansible_facts as a subkey directly, the RHOSP impact has been reduced to Moderate and no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-10684", }, { category: "external", summary: "RHBZ#1815519", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1815519", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-10684", url: "https://www.cve.org/CVERecord?id=CVE-2020-10684", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-10684", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-10684", }, ], release_date: "2020-03-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:11:07+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1543", }, { category: "workaround", details: "Currently, there is not a known mitigation except avoiding the functionality of using ansible_facts as a subkey.", product_ids: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.9, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H", version: "3.1", }, products: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "Ansible: code injection when using ansible_facts as a subkey", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-10685", cwe: { id: "CWE-459", name: "Incomplete Cleanup", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1814627", }, ], notes: [ { category: "description", text: "A flaw was found on Ansible Engine when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory is created in /tmp leaves the secrets unencrypted.\r\n\r\nOn Operating Systems which /tmp is not a tmpfs but part of the root partition, the directory is only cleared on boot and the decrypted data remains when the host is switched off. The system will be vulnerable when the system is not running. So decrypted data must be cleared as soon as possible and the data which normally is encrypted is sensible.", title: "Vulnerability description", }, { category: "summary", text: "Ansible: modules which use files encrypted with vault are not properly cleaned up", title: "Vulnerability summary", }, { category: "other", text: "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\n* In Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-10685", }, { category: "external", summary: "RHBZ#1814627", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1814627", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-10685", url: "https://www.cve.org/CVERecord?id=CVE-2020-10685", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-10685", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-10685", }, ], release_date: "2020-03-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:11:07+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1543", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except by removing manually the temporary created file after every run.", product_ids: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Ansible: modules which use files encrypted with vault are not properly cleaned up", }, ], }
RHSA-2020:1542
Vulnerability from csaf_redhat
Published
2020-04-22 14:10
Modified
2024-11-22 14:31
Summary
Red Hat Security Advisory: Ansible security and bug fix update (2.9.7)
Notes
Topic
An update for ansible is now available for Ansible Engine 2
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details
Ansible is a simple model-driven configuration management, multi-node
deployment, and remote-task execution system. Ansible works over SSH and
does not require any software or daemons to be installed on remote nodes.
Extension modules can be written in any language and are transferred to
managed machines automatically.
The following packages have been upgraded to a newer upstream version:
ansible (2.9.7)
Bug Fix(es):
* CVE-2020-10684 Ansible: code injection when using ansible_facts as a
subkey
* CVE-2020-10685 Ansible: modules which use files encrypted with vault are
not properly cleaned up
* CVE-2020-10691 Ansible: archive traversal vulnerability in ansible-galaxy
collection install
* CVE-2020-1733 ansible: insecure temporary directory when running
become_user from become directive
* CVE-2020-1735 ansible: path injection on dest parameter in fetch module
* CVE-2020-1737 ansible: Extract-Zip function in win_unzip module does not
check extracted path
* CVE-2020-1739 ansible: svn module leaks password when specified as a
parameter
* CVE-2020-1740 ansible: secrets readable after ansible-vault edit
* CVE-2020-1746 ansible: Information disclosure issue in ldap_attr and
ldap_entry modules
* CVE-2020-1753 Ansible: kubectl connection plugin leaks sensitive
information
See:
https://github.com/ansible/ansible/blob/v2.9.7/changelogs/CHANGELOG-v2.9.rst
for details on bug fixes in this release.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for ansible is now available for Ansible Engine 2\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Ansible is a simple model-driven configuration management, multi-node\ndeployment, and remote-task execution system. Ansible works over SSH and\ndoes not require any software or daemons to be installed on remote nodes.\nExtension modules can be written in any language and are transferred to\nmanaged machines automatically.\n\nThe following packages have been upgraded to a newer upstream version:\nansible (2.9.7)\n\nBug Fix(es):\n* CVE-2020-10684 Ansible: code injection when using ansible_facts as a\nsubkey\n* CVE-2020-10685 Ansible: modules which use files encrypted with vault are\nnot properly cleaned up\n* CVE-2020-10691 Ansible: archive traversal vulnerability in ansible-galaxy\ncollection install\n* CVE-2020-1733 ansible: insecure temporary directory when running\nbecome_user from become directive\n* CVE-2020-1735 ansible: path injection on dest parameter in fetch module\n* CVE-2020-1737 ansible: Extract-Zip function in win_unzip module does not\ncheck extracted path\n* CVE-2020-1739 ansible: svn module leaks password when specified as a\nparameter\n* CVE-2020-1740 ansible: secrets readable after ansible-vault edit\n* CVE-2020-1746 ansible: Information disclosure issue in ldap_attr and\nldap_entry modules\n* CVE-2020-1753 Ansible: kubectl connection plugin leaks sensitive\ninformation\n\nSee:\nhttps://github.com/ansible/ansible/blob/v2.9.7/changelogs/CHANGELOG-v2.9.rst\nfor details on bug fixes in this release.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2020:1542", url: "https://access.redhat.com/errata/RHSA-2020:1542", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "1801735", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1801735", }, { category: "external", summary: "1802085", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802085", }, { category: "external", summary: "1802154", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802154", }, { category: "external", summary: "1802178", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802178", }, { category: "external", summary: "1802193", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802193", }, { category: "external", summary: "1805491", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1805491", }, { category: "external", summary: "1811008", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1811008", }, { category: "external", summary: "1814627", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1814627", }, { category: "external", summary: "1815519", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1815519", }, { category: "external", summary: "1817161", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1817161", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_1542.json", }, ], title: "Red Hat Security Advisory: Ansible security and bug fix update (2.9.7)", tracking: { current_release_date: "2024-11-22T14:31:34+00:00", generator: { date: "2024-11-22T14:31:34+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2020:1542", initial_release_date: "2020-04-22T14:10:54+00:00", revision_history: [ { date: "2020-04-22T14:10:54+00:00", number: "1", summary: "Initial version", }, { date: "2020-04-22T14:10:54+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T14:31:34+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Ansible Engine 2 for RHEL 7", product: { name: "Red Hat Ansible Engine 2 for RHEL 7", product_id: "7Server-Ansible-2", product_identification_helper: { cpe: "cpe:/a:redhat:ansible_engine:2::el7", }, }, }, { category: "product_name", name: "Red Hat Ansible Engine 2 for RHEL 8", product: { name: "Red Hat Ansible Engine 2 for RHEL 8", product_id: "8Base-Ansible-2", product_identification_helper: { cpe: "cpe:/a:redhat:ansible_engine:2::el8", }, }, }, ], category: "product_family", name: "Red Hat Ansible Engine", }, { branches: [ { category: "product_version", name: "ansible-0:2.9.7-1.el7ae.noarch", product: { name: "ansible-0:2.9.7-1.el7ae.noarch", product_id: "ansible-0:2.9.7-1.el7ae.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/ansible@2.9.7-1.el7ae?arch=noarch", }, }, }, { category: "product_version", name: "ansible-test-0:2.9.7-1.el7ae.noarch", product: { name: "ansible-test-0:2.9.7-1.el7ae.noarch", product_id: "ansible-test-0:2.9.7-1.el7ae.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/ansible-test@2.9.7-1.el7ae?arch=noarch", }, }, }, { category: "product_version", name: "ansible-0:2.9.7-1.el8ae.noarch", product: { name: "ansible-0:2.9.7-1.el8ae.noarch", product_id: "ansible-0:2.9.7-1.el8ae.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/ansible@2.9.7-1.el8ae?arch=noarch", }, }, }, { category: "product_version", name: "ansible-test-0:2.9.7-1.el8ae.noarch", product: { name: "ansible-test-0:2.9.7-1.el8ae.noarch", product_id: "ansible-test-0:2.9.7-1.el8ae.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/ansible-test@2.9.7-1.el8ae?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "ansible-0:2.9.7-1.el7ae.src", product: { name: "ansible-0:2.9.7-1.el7ae.src", product_id: "ansible-0:2.9.7-1.el7ae.src", product_identification_helper: { purl: "pkg:rpm/redhat/ansible@2.9.7-1.el7ae?arch=src", }, }, }, { category: "product_version", name: "ansible-0:2.9.7-1.el8ae.src", product: { name: "ansible-0:2.9.7-1.el8ae.src", product_id: "ansible-0:2.9.7-1.el8ae.src", product_identification_helper: { purl: "pkg:rpm/redhat/ansible@2.9.7-1.el8ae?arch=src", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ansible-0:2.9.7-1.el7ae.noarch as a component of Red Hat Ansible Engine 2 for RHEL 7", product_id: "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", }, product_reference: "ansible-0:2.9.7-1.el7ae.noarch", relates_to_product_reference: "7Server-Ansible-2", }, { category: "default_component_of", full_product_name: { name: "ansible-0:2.9.7-1.el7ae.src as a component of Red Hat Ansible Engine 2 for RHEL 7", product_id: "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", }, product_reference: "ansible-0:2.9.7-1.el7ae.src", relates_to_product_reference: "7Server-Ansible-2", }, { category: "default_component_of", full_product_name: { name: "ansible-test-0:2.9.7-1.el7ae.noarch as a component of Red Hat Ansible Engine 2 for RHEL 7", product_id: "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", }, product_reference: "ansible-test-0:2.9.7-1.el7ae.noarch", relates_to_product_reference: "7Server-Ansible-2", }, { category: "default_component_of", full_product_name: { name: "ansible-0:2.9.7-1.el8ae.noarch as a component of Red Hat Ansible Engine 2 for RHEL 8", product_id: "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", }, product_reference: "ansible-0:2.9.7-1.el8ae.noarch", relates_to_product_reference: "8Base-Ansible-2", }, { category: "default_component_of", full_product_name: { name: "ansible-0:2.9.7-1.el8ae.src as a component of Red Hat Ansible Engine 2 for RHEL 8", product_id: "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", }, product_reference: "ansible-0:2.9.7-1.el8ae.src", relates_to_product_reference: "8Base-Ansible-2", }, { category: "default_component_of", full_product_name: { name: "ansible-test-0:2.9.7-1.el8ae.noarch as a component of Red Hat Ansible Engine 2 for RHEL 8", product_id: "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", }, product_reference: "ansible-test-0:2.9.7-1.el8ae.noarch", relates_to_product_reference: "8Base-Ansible-2", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1733", cwe: { id: "CWE-377", name: "Insecure Temporary File", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1801735", }, ], notes: [ { category: "description", text: "A race condition flaw was found in Ansible Engine when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with \"umask 77 && mkdir -p <dir>\"; this operation does not fail if the directory already exists and is owned by another user. An attacker could take advantage to gain control of the become user as the target directory can be retrieved by iterating '/proc/<pid>/cmdline'.", title: "Vulnerability description", }, { category: "summary", text: "ansible: insecure temporary directory when running become_user from become directive", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1733", }, { category: "external", summary: "RHBZ#1801735", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1801735", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1733", url: "https://www.cve.org/CVERecord?id=CVE-2020-1733", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1733", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1733", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:10:54+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1542", }, { category: "workaround", details: "This issue can be mitigated by mounting the proc filesystem with hidepid=2 option (https://www.kernel.org/doc/Documentation/filesystems/proc.txt). This way only the user used by Ansible will be able to perform the attack as users on the system will be able to access only their processes /proc/$PID/ directories.\n\nAlso note that mounting proc filesystem with hidepid=2 might require re-mounting it on unpatched kernels, due to a kernel bug (see https://unix.stackexchange.com/questions/584054/why-procfs-mount-option-only-working-on-remount), there will be hidepid=3 in the future (https://patchwork.kernel.org/patch/11310217/).", product_ids: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L", version: "3.1", }, products: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ansible: insecure temporary directory when running become_user from become directive", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1735", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802085", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node.", title: "Vulnerability description", }, { category: "summary", text: "ansible: path injection on dest parameter in fetch module", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1735", }, { category: "external", summary: "RHBZ#1802085", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802085", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1735", url: "https://www.cve.org/CVERecord?id=CVE-2020-1735", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1735", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1735", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:10:54+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1542", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except avoid using the affected fetch module when possible.", product_ids: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.2, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ansible: path injection on dest parameter in fetch module", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1737", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2020-02-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802154", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal.", title: "Vulnerability description", }, { category: "summary", text: "ansible: Extract-Zip function in win_unzip module does not check extracted path", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1737", }, { category: "external", summary: "RHBZ#1802154", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802154", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1737", url: "https://www.cve.org/CVERecord?id=CVE-2020-1737", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1737", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1737", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:10:54+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1542", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except avoid using the affected win_unzip module when possible.", product_ids: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ansible: Extract-Zip function in win_unzip module does not check extracted path", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1739", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802178", }, ], notes: [ { category: "description", text: "A flaw was found in Ansible Engine. When a password is set with the argument \"password\" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs.", title: "Vulnerability description", }, { category: "summary", text: "ansible: svn module leaks password when specified as a parameter", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1739", }, { category: "external", summary: "RHBZ#1802178", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802178", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1739", url: "https://www.cve.org/CVERecord?id=CVE-2020-1739", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1739", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1739", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:10:54+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1542", }, { category: "workaround", details: "Instead of using the parameter 'password' of the subversion module, provide the password with stdin.", product_ids: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.9, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: svn module leaks password when specified as a parameter", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1740", cwe: { id: "CWE-377", name: "Insecure Temporary File", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802193", }, ], notes: [ { category: "description", text: "A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes \"ansible-vault edit\", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely.", title: "Vulnerability description", }, { category: "summary", text: "ansible: secrets readable after ansible-vault edit", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1740", }, { category: "external", summary: "RHBZ#1802193", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802193", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1740", url: "https://www.cve.org/CVERecord?id=CVE-2020-1740", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1740", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1740", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:10:54+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1542", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except avoid using the 'edit' option from 'ansible-vault' command line tool.", product_ids: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.9, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: secrets readable after ansible-vault edit", }, { acknowledgments: [ { names: [ "Felix Fountein", ], }, ], cve: "CVE-2020-1746", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2019-12-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1805491", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine when the ldap_attr and ldap_entry community modules are used. The issue discloses the LDAP bind password to stdout or a log file if a playbook task is written using the bind_pw in the parameters field. The highest threat from this vulnerability is data confidentiality.", title: "Vulnerability description", }, { category: "summary", text: "ansible: Information disclosure issue in ldap_attr and ldap_entry modules", title: "Vulnerability summary", }, { category: "other", text: "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\n* Red Hat Gluster Storage and Red Hat Ceph Storage no longer maintains their own version of Ansible. The fix will be provided from core Ansible. But we still ship ansible separately for ceph ubuntu.\n\n* In Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1746", }, { category: "external", summary: "RHBZ#1805491", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1805491", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1746", url: "https://www.cve.org/CVERecord?id=CVE-2020-1746", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1746", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1746", }, ], release_date: "2020-02-28T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:10:54+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1542", }, { category: "workaround", details: "Using args keyword and embedding the ldap_auth variable instead of using bind_pw parameter would mitigate this issue.", product_ids: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: Information disclosure issue in ldap_attr and ldap_entry modules", }, { acknowledgments: [ { names: [ "Abhijeet Kasurde", ], organization: "Red Hat", summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2020-1753", cwe: { id: "CWE-532", name: "Insertion of Sensitive Information into Log File", }, discovery_date: "2020-03-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1811008", }, ], notes: [ { category: "description", text: "A security flaw was found in the Ansible Engine when managing Kubernetes using the k8s connection plugin. Sensitive parameters such as passwords and tokens are passed to the kubectl command line instead of using environment variables or an input configuration file, which is safer. This flaw discloses passwords and tokens from the process list, and the no_log directive from the debug module would not be reflected in the underlying command-line tools options, displaying passwords and tokens on stdout and log files.", title: "Vulnerability description", }, { category: "summary", text: "Ansible: kubectl connection plugin leaks sensitive information", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.17, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1753", }, { category: "external", summary: "RHBZ#1811008", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1811008", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1753", url: "https://www.cve.org/CVERecord?id=CVE-2020-1753", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1753", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1753", }, ], release_date: "2020-03-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:10:54+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1542", }, { category: "workaround", details: "Currently, there is no mitigation for this issue.", product_ids: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Ansible: kubectl connection plugin leaks sensitive information", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-10684", cwe: { id: "CWE-862", name: "Missing Authorization", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1815519", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine. When using ansible_facts as a subkey of itself, and promoting it to a variable when injecting is enabled, overwriting the ansible_facts after the clean, an attacker could take advantage of this by altering the ansible_facts leading to privilege escalation or code injection. The highest threat from this vulnerability are to data integrity and system availability.", title: "Vulnerability description", }, { category: "summary", text: "Ansible: code injection when using ansible_facts as a subkey", title: "Vulnerability summary", }, { category: "other", text: "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n* Red Hat Gluster Storage and Red Hat Ceph Storage no longer maintains their own version of Ansible. The fix will be consumed from core Ansible. But we still ship ansible separately for ceph ubuntu.\n* Red Hat OpenStack Platform does package the affected code. However, because RHOSP does not use ansible_facts as a subkey directly, the RHOSP impact has been reduced to Moderate and no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-10684", }, { category: "external", summary: "RHBZ#1815519", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1815519", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-10684", url: "https://www.cve.org/CVERecord?id=CVE-2020-10684", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-10684", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-10684", }, ], release_date: "2020-03-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:10:54+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1542", }, { category: "workaround", details: "Currently, there is not a known mitigation except avoiding the functionality of using ansible_facts as a subkey.", product_ids: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.9, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H", version: "3.1", }, products: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "Ansible: code injection when using ansible_facts as a subkey", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-10685", cwe: { id: "CWE-459", name: "Incomplete Cleanup", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1814627", }, ], notes: [ { category: "description", text: "A flaw was found on Ansible Engine when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory is created in /tmp leaves the secrets unencrypted.\r\n\r\nOn Operating Systems which /tmp is not a tmpfs but part of the root partition, the directory is only cleared on boot and the decrypted data remains when the host is switched off. The system will be vulnerable when the system is not running. So decrypted data must be cleared as soon as possible and the data which normally is encrypted is sensible.", title: "Vulnerability description", }, { category: "summary", text: "Ansible: modules which use files encrypted with vault are not properly cleaned up", title: "Vulnerability summary", }, { category: "other", text: "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\n* In Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-10685", }, { category: "external", summary: "RHBZ#1814627", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1814627", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-10685", url: "https://www.cve.org/CVERecord?id=CVE-2020-10685", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-10685", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-10685", }, ], release_date: "2020-03-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:10:54+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1542", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except by removing manually the temporary created file after every run.", product_ids: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Ansible: modules which use files encrypted with vault are not properly cleaned up", }, { acknowledgments: [ { names: [ "Felix Fountein", ], }, ], cve: "CVE-2020-10691", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2020-03-25T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1817161", }, ], notes: [ { category: "description", text: "An archive traversal flaw was found in Ansible Engine when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. An attacker could take advantage to overwrite any file within the system.", title: "Vulnerability description", }, { category: "summary", text: "Ansible: archive traversal vulnerability in ansible-galaxy collection install", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.9.6 as well as previous 2.9.x versions are affected. Ansible versions less than or equal to 2.8 are not affected by this vulnerability as this functionality was introduced on 2.9.\n\nAnsible Tower 3.6.3 as well as previous 3.6.x versions are affected as they use ansible-galaxy collections.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-10691", }, { category: "external", summary: "RHBZ#1817161", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1817161", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-10691", url: "https://www.cve.org/CVERecord?id=CVE-2020-10691", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-10691", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-10691", }, ], release_date: "2020-03-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:10:54+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1542", }, { category: "workaround", details: "A possible mitigation of archive traversal issue could be done by restricting file access control and directory write accesses for extracting tarball files. This is feasible only for scenarios when the destination path could be known and enforced beforehand.", product_ids: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 5.2, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L", version: "3.1", }, products: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Ansible: archive traversal vulnerability in ansible-galaxy collection install", }, ], }
rhsa-2020_1541
Vulnerability from csaf_redhat
Published
2020-04-22 14:10
Modified
2024-11-22 14:31
Summary
Red Hat Security Advisory: Ansible security and bug fix update (2.9.7)
Notes
Topic
An update for ansible is now available for Ansible Engine 2.9
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details
Ansible is a simple model-driven configuration management, multi-node
deployment, and remote-task execution system. Ansible works over SSH and
does not require any software or daemons to be installed on remote nodes.
Extension modules can be written in any language and are transferred to
managed machines automatically.
The following packages have been upgraded to a newer upstream version:
ansible (2.9.7)
Bug Fix(es):
* CVE-2020-10684 Ansible: code injection when using ansible_facts as a
subkey
* CVE-2020-10685 Ansible: modules which use files encrypted with vault are
not properly cleaned up
* CVE-2020-10691 Ansible: archive traversal vulnerability in ansible-galaxy
collection install
* CVE-2020-1733 ansible: insecure temporary directory when running
become_user from become directive
* CVE-2020-1735 ansible: path injection on dest parameter in fetch module
* CVE-2020-1737 ansible: Extract-Zip function in win_unzip module does not
check extracted path
* CVE-2020-1739 ansible: svn module leaks password when specified as a
parameter
* CVE-2020-1740 ansible: secrets readable after ansible-vault edit
* CVE-2020-1746 ansible: Information disclosure issue in ldap_attr and
ldap_entry modules
* CVE-2020-1753 Ansible: kubectl connection plugin leaks sensitive
information
See:
https://github.com/ansible/ansible/blob/v2.9.7/changelogs/CHANGELOG-v2.9.rst
for details on bug fixes in this release.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for ansible is now available for Ansible Engine 2.9\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Ansible is a simple model-driven configuration management, multi-node\ndeployment, and remote-task execution system. Ansible works over SSH and\ndoes not require any software or daemons to be installed on remote nodes.\nExtension modules can be written in any language and are transferred to\nmanaged machines automatically.\n\nThe following packages have been upgraded to a newer upstream version:\nansible (2.9.7)\n\nBug Fix(es):\n* CVE-2020-10684 Ansible: code injection when using ansible_facts as a\nsubkey\n* CVE-2020-10685 Ansible: modules which use files encrypted with vault are\nnot properly cleaned up\n* CVE-2020-10691 Ansible: archive traversal vulnerability in ansible-galaxy\ncollection install\n* CVE-2020-1733 ansible: insecure temporary directory when running\nbecome_user from become directive\n* CVE-2020-1735 ansible: path injection on dest parameter in fetch module\n* CVE-2020-1737 ansible: Extract-Zip function in win_unzip module does not\ncheck extracted path\n* CVE-2020-1739 ansible: svn module leaks password when specified as a\nparameter\n* CVE-2020-1740 ansible: secrets readable after ansible-vault edit\n* CVE-2020-1746 ansible: Information disclosure issue in ldap_attr and\nldap_entry modules\n* CVE-2020-1753 Ansible: kubectl connection plugin leaks sensitive\ninformation\n\nSee:\nhttps://github.com/ansible/ansible/blob/v2.9.7/changelogs/CHANGELOG-v2.9.rst\nfor details on bug fixes in this release.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2020:1541", url: "https://access.redhat.com/errata/RHSA-2020:1541", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "1801735", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1801735", }, { category: "external", summary: "1802085", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802085", }, { category: "external", summary: "1802154", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802154", }, { category: "external", summary: "1802178", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802178", }, { category: "external", summary: "1802193", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802193", }, { category: "external", summary: "1805491", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1805491", }, { category: "external", summary: "1811008", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1811008", }, { category: "external", summary: "1814627", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1814627", }, { category: "external", summary: "1815519", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1815519", }, { category: "external", summary: "1817161", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1817161", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_1541.json", }, ], title: "Red Hat Security Advisory: Ansible security and bug fix update (2.9.7)", tracking: { current_release_date: "2024-11-22T14:31:27+00:00", generator: { date: "2024-11-22T14:31:27+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2020:1541", initial_release_date: "2020-04-22T14:10:47+00:00", revision_history: [ { date: "2020-04-22T14:10:47+00:00", number: "1", summary: "Initial version", }, { date: "2020-04-22T14:10:47+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T14:31:27+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Ansible Engine 2.9 for RHEL 7 Server", product: { name: "Red Hat Ansible Engine 2.9 for RHEL 7 Server", product_id: "7Server-Ansible-2.9", product_identification_helper: { cpe: "cpe:/a:redhat:ansible_engine:2.9::el7", }, }, }, { category: "product_name", name: "Red Hat Ansible Engine 2.9 for RHEL 8", product: { name: "Red Hat Ansible Engine 2.9 for RHEL 8", product_id: "8Base-Ansible-2.9", product_identification_helper: { cpe: "cpe:/a:redhat:ansible_engine:2.9::el8", }, }, }, ], category: "product_family", name: "Red Hat Ansible Engine", }, { branches: [ { category: "product_version", name: "ansible-0:2.9.7-1.el7ae.noarch", product: { name: "ansible-0:2.9.7-1.el7ae.noarch", product_id: "ansible-0:2.9.7-1.el7ae.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/ansible@2.9.7-1.el7ae?arch=noarch", }, }, }, { category: "product_version", name: "ansible-test-0:2.9.7-1.el7ae.noarch", product: { name: "ansible-test-0:2.9.7-1.el7ae.noarch", product_id: "ansible-test-0:2.9.7-1.el7ae.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/ansible-test@2.9.7-1.el7ae?arch=noarch", }, }, }, { category: "product_version", name: "ansible-0:2.9.7-1.el8ae.noarch", product: { name: "ansible-0:2.9.7-1.el8ae.noarch", product_id: "ansible-0:2.9.7-1.el8ae.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/ansible@2.9.7-1.el8ae?arch=noarch", }, }, }, { category: "product_version", name: "ansible-test-0:2.9.7-1.el8ae.noarch", product: { name: "ansible-test-0:2.9.7-1.el8ae.noarch", product_id: "ansible-test-0:2.9.7-1.el8ae.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/ansible-test@2.9.7-1.el8ae?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "ansible-0:2.9.7-1.el7ae.src", product: { name: "ansible-0:2.9.7-1.el7ae.src", product_id: "ansible-0:2.9.7-1.el7ae.src", product_identification_helper: { purl: "pkg:rpm/redhat/ansible@2.9.7-1.el7ae?arch=src", }, }, }, { category: "product_version", name: "ansible-0:2.9.7-1.el8ae.src", product: { name: "ansible-0:2.9.7-1.el8ae.src", product_id: "ansible-0:2.9.7-1.el8ae.src", product_identification_helper: { purl: "pkg:rpm/redhat/ansible@2.9.7-1.el8ae?arch=src", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ansible-0:2.9.7-1.el7ae.noarch as a component of Red Hat Ansible Engine 2.9 for RHEL 7 Server", product_id: "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", }, product_reference: "ansible-0:2.9.7-1.el7ae.noarch", relates_to_product_reference: "7Server-Ansible-2.9", }, { category: "default_component_of", full_product_name: { name: "ansible-0:2.9.7-1.el7ae.src as a component of Red Hat Ansible Engine 2.9 for RHEL 7 Server", product_id: "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", }, product_reference: "ansible-0:2.9.7-1.el7ae.src", relates_to_product_reference: "7Server-Ansible-2.9", }, { category: "default_component_of", full_product_name: { name: "ansible-test-0:2.9.7-1.el7ae.noarch as a component of Red Hat Ansible Engine 2.9 for RHEL 7 Server", product_id: "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", }, product_reference: "ansible-test-0:2.9.7-1.el7ae.noarch", relates_to_product_reference: "7Server-Ansible-2.9", }, { category: "default_component_of", full_product_name: { name: "ansible-0:2.9.7-1.el8ae.noarch as a component of Red Hat Ansible Engine 2.9 for RHEL 8", product_id: "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", }, product_reference: "ansible-0:2.9.7-1.el8ae.noarch", relates_to_product_reference: "8Base-Ansible-2.9", }, { category: "default_component_of", full_product_name: { name: "ansible-0:2.9.7-1.el8ae.src as a component of Red Hat Ansible Engine 2.9 for RHEL 8", product_id: "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", }, product_reference: "ansible-0:2.9.7-1.el8ae.src", relates_to_product_reference: "8Base-Ansible-2.9", }, { category: "default_component_of", full_product_name: { name: "ansible-test-0:2.9.7-1.el8ae.noarch as a component of Red Hat Ansible Engine 2.9 for RHEL 8", product_id: "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", }, product_reference: "ansible-test-0:2.9.7-1.el8ae.noarch", relates_to_product_reference: "8Base-Ansible-2.9", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1733", cwe: { id: "CWE-377", name: "Insecure Temporary File", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1801735", }, ], notes: [ { category: "description", text: "A race condition flaw was found in Ansible Engine when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with \"umask 77 && mkdir -p <dir>\"; this operation does not fail if the directory already exists and is owned by another user. An attacker could take advantage to gain control of the become user as the target directory can be retrieved by iterating '/proc/<pid>/cmdline'.", title: "Vulnerability description", }, { category: "summary", text: "ansible: insecure temporary directory when running become_user from become directive", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1733", }, { category: "external", summary: "RHBZ#1801735", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1801735", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1733", url: "https://www.cve.org/CVERecord?id=CVE-2020-1733", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1733", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1733", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:10:47+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1541", }, { category: "workaround", details: "This issue can be mitigated by mounting the proc filesystem with hidepid=2 option (https://www.kernel.org/doc/Documentation/filesystems/proc.txt). This way only the user used by Ansible will be able to perform the attack as users on the system will be able to access only their processes /proc/$PID/ directories.\n\nAlso note that mounting proc filesystem with hidepid=2 might require re-mounting it on unpatched kernels, due to a kernel bug (see https://unix.stackexchange.com/questions/584054/why-procfs-mount-option-only-working-on-remount), there will be hidepid=3 in the future (https://patchwork.kernel.org/patch/11310217/).", product_ids: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L", version: "3.1", }, products: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ansible: insecure temporary directory when running become_user from become directive", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1735", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802085", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node.", title: "Vulnerability description", }, { category: "summary", text: "ansible: path injection on dest parameter in fetch module", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1735", }, { category: "external", summary: "RHBZ#1802085", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802085", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1735", url: "https://www.cve.org/CVERecord?id=CVE-2020-1735", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1735", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1735", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:10:47+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1541", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except avoid using the affected fetch module when possible.", product_ids: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.2, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ansible: path injection on dest parameter in fetch module", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1737", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2020-02-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802154", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal.", title: "Vulnerability description", }, { category: "summary", text: "ansible: Extract-Zip function in win_unzip module does not check extracted path", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1737", }, { category: "external", summary: "RHBZ#1802154", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802154", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1737", url: "https://www.cve.org/CVERecord?id=CVE-2020-1737", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1737", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1737", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:10:47+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1541", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except avoid using the affected win_unzip module when possible.", product_ids: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ansible: Extract-Zip function in win_unzip module does not check extracted path", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1739", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802178", }, ], notes: [ { category: "description", text: "A flaw was found in Ansible Engine. When a password is set with the argument \"password\" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs.", title: "Vulnerability description", }, { category: "summary", text: "ansible: svn module leaks password when specified as a parameter", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1739", }, { category: "external", summary: "RHBZ#1802178", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802178", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1739", url: "https://www.cve.org/CVERecord?id=CVE-2020-1739", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1739", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1739", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:10:47+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1541", }, { category: "workaround", details: "Instead of using the parameter 'password' of the subversion module, provide the password with stdin.", product_ids: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.9, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: svn module leaks password when specified as a parameter", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1740", cwe: { id: "CWE-377", name: "Insecure Temporary File", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802193", }, ], notes: [ { category: "description", text: "A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes \"ansible-vault edit\", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely.", title: "Vulnerability description", }, { category: "summary", text: "ansible: secrets readable after ansible-vault edit", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1740", }, { category: "external", summary: "RHBZ#1802193", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802193", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1740", url: "https://www.cve.org/CVERecord?id=CVE-2020-1740", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1740", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1740", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:10:47+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1541", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except avoid using the 'edit' option from 'ansible-vault' command line tool.", product_ids: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.9, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: secrets readable after ansible-vault edit", }, { acknowledgments: [ { names: [ "Felix Fountein", ], }, ], cve: "CVE-2020-1746", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2019-12-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1805491", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine when the ldap_attr and ldap_entry community modules are used. The issue discloses the LDAP bind password to stdout or a log file if a playbook task is written using the bind_pw in the parameters field. The highest threat from this vulnerability is data confidentiality.", title: "Vulnerability description", }, { category: "summary", text: "ansible: Information disclosure issue in ldap_attr and ldap_entry modules", title: "Vulnerability summary", }, { category: "other", text: "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\n* Red Hat Gluster Storage and Red Hat Ceph Storage no longer maintains their own version of Ansible. The fix will be provided from core Ansible. But we still ship ansible separately for ceph ubuntu.\n\n* In Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1746", }, { category: "external", summary: "RHBZ#1805491", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1805491", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1746", url: "https://www.cve.org/CVERecord?id=CVE-2020-1746", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1746", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1746", }, ], release_date: "2020-02-28T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:10:47+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1541", }, { category: "workaround", details: "Using args keyword and embedding the ldap_auth variable instead of using bind_pw parameter would mitigate this issue.", product_ids: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: Information disclosure issue in ldap_attr and ldap_entry modules", }, { acknowledgments: [ { names: [ "Abhijeet Kasurde", ], organization: "Red Hat", summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2020-1753", cwe: { id: "CWE-532", name: "Insertion of Sensitive Information into Log File", }, discovery_date: "2020-03-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1811008", }, ], notes: [ { category: "description", text: "A security flaw was found in the Ansible Engine when managing Kubernetes using the k8s connection plugin. Sensitive parameters such as passwords and tokens are passed to the kubectl command line instead of using environment variables or an input configuration file, which is safer. This flaw discloses passwords and tokens from the process list, and the no_log directive from the debug module would not be reflected in the underlying command-line tools options, displaying passwords and tokens on stdout and log files.", title: "Vulnerability description", }, { category: "summary", text: "Ansible: kubectl connection plugin leaks sensitive information", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.17, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1753", }, { category: "external", summary: "RHBZ#1811008", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1811008", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1753", url: "https://www.cve.org/CVERecord?id=CVE-2020-1753", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1753", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1753", }, ], release_date: "2020-03-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:10:47+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1541", }, { category: "workaround", details: "Currently, there is no mitigation for this issue.", product_ids: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Ansible: kubectl connection plugin leaks sensitive information", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-10684", cwe: { id: "CWE-862", name: "Missing Authorization", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1815519", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine. When using ansible_facts as a subkey of itself, and promoting it to a variable when injecting is enabled, overwriting the ansible_facts after the clean, an attacker could take advantage of this by altering the ansible_facts leading to privilege escalation or code injection. The highest threat from this vulnerability are to data integrity and system availability.", title: "Vulnerability description", }, { category: "summary", text: "Ansible: code injection when using ansible_facts as a subkey", title: "Vulnerability summary", }, { category: "other", text: "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n* Red Hat Gluster Storage and Red Hat Ceph Storage no longer maintains their own version of Ansible. The fix will be consumed from core Ansible. But we still ship ansible separately for ceph ubuntu.\n* Red Hat OpenStack Platform does package the affected code. However, because RHOSP does not use ansible_facts as a subkey directly, the RHOSP impact has been reduced to Moderate and no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-10684", }, { category: "external", summary: "RHBZ#1815519", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1815519", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-10684", url: "https://www.cve.org/CVERecord?id=CVE-2020-10684", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-10684", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-10684", }, ], release_date: "2020-03-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:10:47+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1541", }, { category: "workaround", details: "Currently, there is not a known mitigation except avoiding the functionality of using ansible_facts as a subkey.", product_ids: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.9, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H", version: "3.1", }, products: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "Ansible: code injection when using ansible_facts as a subkey", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-10685", cwe: { id: "CWE-459", name: "Incomplete Cleanup", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1814627", }, ], notes: [ { category: "description", text: "A flaw was found on Ansible Engine when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory is created in /tmp leaves the secrets unencrypted.\r\n\r\nOn Operating Systems which /tmp is not a tmpfs but part of the root partition, the directory is only cleared on boot and the decrypted data remains when the host is switched off. The system will be vulnerable when the system is not running. So decrypted data must be cleared as soon as possible and the data which normally is encrypted is sensible.", title: "Vulnerability description", }, { category: "summary", text: "Ansible: modules which use files encrypted with vault are not properly cleaned up", title: "Vulnerability summary", }, { category: "other", text: "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\n* In Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-10685", }, { category: "external", summary: "RHBZ#1814627", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1814627", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-10685", url: "https://www.cve.org/CVERecord?id=CVE-2020-10685", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-10685", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-10685", }, ], release_date: "2020-03-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:10:47+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1541", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except by removing manually the temporary created file after every run.", product_ids: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Ansible: modules which use files encrypted with vault are not properly cleaned up", }, { acknowledgments: [ { names: [ "Felix Fountein", ], }, ], cve: "CVE-2020-10691", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2020-03-25T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1817161", }, ], notes: [ { category: "description", text: "An archive traversal flaw was found in Ansible Engine when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. An attacker could take advantage to overwrite any file within the system.", title: "Vulnerability description", }, { category: "summary", text: "Ansible: archive traversal vulnerability in ansible-galaxy collection install", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.9.6 as well as previous 2.9.x versions are affected. Ansible versions less than or equal to 2.8 are not affected by this vulnerability as this functionality was introduced on 2.9.\n\nAnsible Tower 3.6.3 as well as previous 3.6.x versions are affected as they use ansible-galaxy collections.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-10691", }, { category: "external", summary: "RHBZ#1817161", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1817161", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-10691", url: "https://www.cve.org/CVERecord?id=CVE-2020-10691", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-10691", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-10691", }, ], release_date: "2020-03-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:10:47+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1541", }, { category: "workaround", details: "A possible mitigation of archive traversal issue could be done by restricting file access control and directory write accesses for extracting tarball files. This is feasible only for scenarios when the destination path could be known and enforced beforehand.", product_ids: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 5.2, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L", version: "3.1", }, products: [ "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Ansible: archive traversal vulnerability in ansible-galaxy collection install", }, ], }
rhsa-2020:1542
Vulnerability from csaf_redhat
Published
2020-04-22 14:10
Modified
2024-11-22 14:31
Summary
Red Hat Security Advisory: Ansible security and bug fix update (2.9.7)
Notes
Topic
An update for ansible is now available for Ansible Engine 2
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details
Ansible is a simple model-driven configuration management, multi-node
deployment, and remote-task execution system. Ansible works over SSH and
does not require any software or daemons to be installed on remote nodes.
Extension modules can be written in any language and are transferred to
managed machines automatically.
The following packages have been upgraded to a newer upstream version:
ansible (2.9.7)
Bug Fix(es):
* CVE-2020-10684 Ansible: code injection when using ansible_facts as a
subkey
* CVE-2020-10685 Ansible: modules which use files encrypted with vault are
not properly cleaned up
* CVE-2020-10691 Ansible: archive traversal vulnerability in ansible-galaxy
collection install
* CVE-2020-1733 ansible: insecure temporary directory when running
become_user from become directive
* CVE-2020-1735 ansible: path injection on dest parameter in fetch module
* CVE-2020-1737 ansible: Extract-Zip function in win_unzip module does not
check extracted path
* CVE-2020-1739 ansible: svn module leaks password when specified as a
parameter
* CVE-2020-1740 ansible: secrets readable after ansible-vault edit
* CVE-2020-1746 ansible: Information disclosure issue in ldap_attr and
ldap_entry modules
* CVE-2020-1753 Ansible: kubectl connection plugin leaks sensitive
information
See:
https://github.com/ansible/ansible/blob/v2.9.7/changelogs/CHANGELOG-v2.9.rst
for details on bug fixes in this release.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for ansible is now available for Ansible Engine 2\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Ansible is a simple model-driven configuration management, multi-node\ndeployment, and remote-task execution system. Ansible works over SSH and\ndoes not require any software or daemons to be installed on remote nodes.\nExtension modules can be written in any language and are transferred to\nmanaged machines automatically.\n\nThe following packages have been upgraded to a newer upstream version:\nansible (2.9.7)\n\nBug Fix(es):\n* CVE-2020-10684 Ansible: code injection when using ansible_facts as a\nsubkey\n* CVE-2020-10685 Ansible: modules which use files encrypted with vault are\nnot properly cleaned up\n* CVE-2020-10691 Ansible: archive traversal vulnerability in ansible-galaxy\ncollection install\n* CVE-2020-1733 ansible: insecure temporary directory when running\nbecome_user from become directive\n* CVE-2020-1735 ansible: path injection on dest parameter in fetch module\n* CVE-2020-1737 ansible: Extract-Zip function in win_unzip module does not\ncheck extracted path\n* CVE-2020-1739 ansible: svn module leaks password when specified as a\nparameter\n* CVE-2020-1740 ansible: secrets readable after ansible-vault edit\n* CVE-2020-1746 ansible: Information disclosure issue in ldap_attr and\nldap_entry modules\n* CVE-2020-1753 Ansible: kubectl connection plugin leaks sensitive\ninformation\n\nSee:\nhttps://github.com/ansible/ansible/blob/v2.9.7/changelogs/CHANGELOG-v2.9.rst\nfor details on bug fixes in this release.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2020:1542", url: "https://access.redhat.com/errata/RHSA-2020:1542", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "1801735", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1801735", }, { category: "external", summary: "1802085", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802085", }, { category: "external", summary: "1802154", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802154", }, { category: "external", summary: "1802178", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802178", }, { category: "external", summary: "1802193", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802193", }, { category: "external", summary: "1805491", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1805491", }, { category: "external", summary: "1811008", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1811008", }, { category: "external", summary: "1814627", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1814627", }, { category: "external", summary: "1815519", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1815519", }, { category: "external", summary: "1817161", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1817161", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_1542.json", }, ], title: "Red Hat Security Advisory: Ansible security and bug fix update (2.9.7)", tracking: { current_release_date: "2024-11-22T14:31:34+00:00", generator: { date: "2024-11-22T14:31:34+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2020:1542", initial_release_date: "2020-04-22T14:10:54+00:00", revision_history: [ { date: "2020-04-22T14:10:54+00:00", number: "1", summary: "Initial version", }, { date: "2020-04-22T14:10:54+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T14:31:34+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Ansible Engine 2 for RHEL 7", product: { name: "Red Hat Ansible Engine 2 for RHEL 7", product_id: "7Server-Ansible-2", product_identification_helper: { cpe: "cpe:/a:redhat:ansible_engine:2::el7", }, }, }, { category: "product_name", name: "Red Hat Ansible Engine 2 for RHEL 8", product: { name: "Red Hat Ansible Engine 2 for RHEL 8", product_id: "8Base-Ansible-2", product_identification_helper: { cpe: "cpe:/a:redhat:ansible_engine:2::el8", }, }, }, ], category: "product_family", name: "Red Hat Ansible Engine", }, { branches: [ { category: "product_version", name: "ansible-0:2.9.7-1.el7ae.noarch", product: { name: "ansible-0:2.9.7-1.el7ae.noarch", product_id: "ansible-0:2.9.7-1.el7ae.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/ansible@2.9.7-1.el7ae?arch=noarch", }, }, }, { category: "product_version", name: "ansible-test-0:2.9.7-1.el7ae.noarch", product: { name: "ansible-test-0:2.9.7-1.el7ae.noarch", product_id: "ansible-test-0:2.9.7-1.el7ae.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/ansible-test@2.9.7-1.el7ae?arch=noarch", }, }, }, { category: "product_version", name: "ansible-0:2.9.7-1.el8ae.noarch", product: { name: "ansible-0:2.9.7-1.el8ae.noarch", product_id: "ansible-0:2.9.7-1.el8ae.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/ansible@2.9.7-1.el8ae?arch=noarch", }, }, }, { category: "product_version", name: "ansible-test-0:2.9.7-1.el8ae.noarch", product: { name: "ansible-test-0:2.9.7-1.el8ae.noarch", product_id: "ansible-test-0:2.9.7-1.el8ae.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/ansible-test@2.9.7-1.el8ae?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "ansible-0:2.9.7-1.el7ae.src", product: { name: "ansible-0:2.9.7-1.el7ae.src", product_id: "ansible-0:2.9.7-1.el7ae.src", product_identification_helper: { purl: "pkg:rpm/redhat/ansible@2.9.7-1.el7ae?arch=src", }, }, }, { category: "product_version", name: "ansible-0:2.9.7-1.el8ae.src", product: { name: "ansible-0:2.9.7-1.el8ae.src", product_id: "ansible-0:2.9.7-1.el8ae.src", product_identification_helper: { purl: "pkg:rpm/redhat/ansible@2.9.7-1.el8ae?arch=src", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ansible-0:2.9.7-1.el7ae.noarch as a component of Red Hat Ansible Engine 2 for RHEL 7", product_id: "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", }, product_reference: "ansible-0:2.9.7-1.el7ae.noarch", relates_to_product_reference: "7Server-Ansible-2", }, { category: "default_component_of", full_product_name: { name: "ansible-0:2.9.7-1.el7ae.src as a component of Red Hat Ansible Engine 2 for RHEL 7", product_id: "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", }, product_reference: "ansible-0:2.9.7-1.el7ae.src", relates_to_product_reference: "7Server-Ansible-2", }, { category: "default_component_of", full_product_name: { name: "ansible-test-0:2.9.7-1.el7ae.noarch as a component of Red Hat Ansible Engine 2 for RHEL 7", product_id: "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", }, product_reference: "ansible-test-0:2.9.7-1.el7ae.noarch", relates_to_product_reference: "7Server-Ansible-2", }, { category: "default_component_of", full_product_name: { name: "ansible-0:2.9.7-1.el8ae.noarch as a component of Red Hat Ansible Engine 2 for RHEL 8", product_id: "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", }, product_reference: "ansible-0:2.9.7-1.el8ae.noarch", relates_to_product_reference: "8Base-Ansible-2", }, { category: "default_component_of", full_product_name: { name: "ansible-0:2.9.7-1.el8ae.src as a component of Red Hat Ansible Engine 2 for RHEL 8", product_id: "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", }, product_reference: "ansible-0:2.9.7-1.el8ae.src", relates_to_product_reference: "8Base-Ansible-2", }, { category: "default_component_of", full_product_name: { name: "ansible-test-0:2.9.7-1.el8ae.noarch as a component of Red Hat Ansible Engine 2 for RHEL 8", product_id: "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", }, product_reference: "ansible-test-0:2.9.7-1.el8ae.noarch", relates_to_product_reference: "8Base-Ansible-2", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1733", cwe: { id: "CWE-377", name: "Insecure Temporary File", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1801735", }, ], notes: [ { category: "description", text: "A race condition flaw was found in Ansible Engine when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with \"umask 77 && mkdir -p <dir>\"; this operation does not fail if the directory already exists and is owned by another user. An attacker could take advantage to gain control of the become user as the target directory can be retrieved by iterating '/proc/<pid>/cmdline'.", title: "Vulnerability description", }, { category: "summary", text: "ansible: insecure temporary directory when running become_user from become directive", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1733", }, { category: "external", summary: "RHBZ#1801735", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1801735", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1733", url: "https://www.cve.org/CVERecord?id=CVE-2020-1733", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1733", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1733", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:10:54+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1542", }, { category: "workaround", details: "This issue can be mitigated by mounting the proc filesystem with hidepid=2 option (https://www.kernel.org/doc/Documentation/filesystems/proc.txt). This way only the user used by Ansible will be able to perform the attack as users on the system will be able to access only their processes /proc/$PID/ directories.\n\nAlso note that mounting proc filesystem with hidepid=2 might require re-mounting it on unpatched kernels, due to a kernel bug (see https://unix.stackexchange.com/questions/584054/why-procfs-mount-option-only-working-on-remount), there will be hidepid=3 in the future (https://patchwork.kernel.org/patch/11310217/).", product_ids: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L", version: "3.1", }, products: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ansible: insecure temporary directory when running become_user from become directive", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1735", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802085", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node.", title: "Vulnerability description", }, { category: "summary", text: "ansible: path injection on dest parameter in fetch module", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1735", }, { category: "external", summary: "RHBZ#1802085", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802085", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1735", url: "https://www.cve.org/CVERecord?id=CVE-2020-1735", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1735", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1735", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:10:54+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1542", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except avoid using the affected fetch module when possible.", product_ids: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.2, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ansible: path injection on dest parameter in fetch module", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1737", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2020-02-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802154", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal.", title: "Vulnerability description", }, { category: "summary", text: "ansible: Extract-Zip function in win_unzip module does not check extracted path", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1737", }, { category: "external", summary: "RHBZ#1802154", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802154", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1737", url: "https://www.cve.org/CVERecord?id=CVE-2020-1737", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1737", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1737", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:10:54+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1542", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except avoid using the affected win_unzip module when possible.", product_ids: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ansible: Extract-Zip function in win_unzip module does not check extracted path", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1739", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802178", }, ], notes: [ { category: "description", text: "A flaw was found in Ansible Engine. When a password is set with the argument \"password\" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs.", title: "Vulnerability description", }, { category: "summary", text: "ansible: svn module leaks password when specified as a parameter", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1739", }, { category: "external", summary: "RHBZ#1802178", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802178", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1739", url: "https://www.cve.org/CVERecord?id=CVE-2020-1739", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1739", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1739", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:10:54+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1542", }, { category: "workaround", details: "Instead of using the parameter 'password' of the subversion module, provide the password with stdin.", product_ids: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.9, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: svn module leaks password when specified as a parameter", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1740", cwe: { id: "CWE-377", name: "Insecure Temporary File", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802193", }, ], notes: [ { category: "description", text: "A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes \"ansible-vault edit\", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely.", title: "Vulnerability description", }, { category: "summary", text: "ansible: secrets readable after ansible-vault edit", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1740", }, { category: "external", summary: "RHBZ#1802193", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802193", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1740", url: "https://www.cve.org/CVERecord?id=CVE-2020-1740", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1740", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1740", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:10:54+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1542", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except avoid using the 'edit' option from 'ansible-vault' command line tool.", product_ids: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.9, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: secrets readable after ansible-vault edit", }, { acknowledgments: [ { names: [ "Felix Fountein", ], }, ], cve: "CVE-2020-1746", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2019-12-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1805491", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine when the ldap_attr and ldap_entry community modules are used. The issue discloses the LDAP bind password to stdout or a log file if a playbook task is written using the bind_pw in the parameters field. The highest threat from this vulnerability is data confidentiality.", title: "Vulnerability description", }, { category: "summary", text: "ansible: Information disclosure issue in ldap_attr and ldap_entry modules", title: "Vulnerability summary", }, { category: "other", text: "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\n* Red Hat Gluster Storage and Red Hat Ceph Storage no longer maintains their own version of Ansible. The fix will be provided from core Ansible. But we still ship ansible separately for ceph ubuntu.\n\n* In Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1746", }, { category: "external", summary: "RHBZ#1805491", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1805491", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1746", url: "https://www.cve.org/CVERecord?id=CVE-2020-1746", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1746", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1746", }, ], release_date: "2020-02-28T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:10:54+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1542", }, { category: "workaround", details: "Using args keyword and embedding the ldap_auth variable instead of using bind_pw parameter would mitigate this issue.", product_ids: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: Information disclosure issue in ldap_attr and ldap_entry modules", }, { acknowledgments: [ { names: [ "Abhijeet Kasurde", ], organization: "Red Hat", summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2020-1753", cwe: { id: "CWE-532", name: "Insertion of Sensitive Information into Log File", }, discovery_date: "2020-03-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1811008", }, ], notes: [ { category: "description", text: "A security flaw was found in the Ansible Engine when managing Kubernetes using the k8s connection plugin. Sensitive parameters such as passwords and tokens are passed to the kubectl command line instead of using environment variables or an input configuration file, which is safer. This flaw discloses passwords and tokens from the process list, and the no_log directive from the debug module would not be reflected in the underlying command-line tools options, displaying passwords and tokens on stdout and log files.", title: "Vulnerability description", }, { category: "summary", text: "Ansible: kubectl connection plugin leaks sensitive information", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.17, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1753", }, { category: "external", summary: "RHBZ#1811008", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1811008", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1753", url: "https://www.cve.org/CVERecord?id=CVE-2020-1753", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1753", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1753", }, ], release_date: "2020-03-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:10:54+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1542", }, { category: "workaround", details: "Currently, there is no mitigation for this issue.", product_ids: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Ansible: kubectl connection plugin leaks sensitive information", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-10684", cwe: { id: "CWE-862", name: "Missing Authorization", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1815519", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine. When using ansible_facts as a subkey of itself, and promoting it to a variable when injecting is enabled, overwriting the ansible_facts after the clean, an attacker could take advantage of this by altering the ansible_facts leading to privilege escalation or code injection. The highest threat from this vulnerability are to data integrity and system availability.", title: "Vulnerability description", }, { category: "summary", text: "Ansible: code injection when using ansible_facts as a subkey", title: "Vulnerability summary", }, { category: "other", text: "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n* Red Hat Gluster Storage and Red Hat Ceph Storage no longer maintains their own version of Ansible. The fix will be consumed from core Ansible. But we still ship ansible separately for ceph ubuntu.\n* Red Hat OpenStack Platform does package the affected code. However, because RHOSP does not use ansible_facts as a subkey directly, the RHOSP impact has been reduced to Moderate and no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-10684", }, { category: "external", summary: "RHBZ#1815519", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1815519", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-10684", url: "https://www.cve.org/CVERecord?id=CVE-2020-10684", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-10684", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-10684", }, ], release_date: "2020-03-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:10:54+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1542", }, { category: "workaround", details: "Currently, there is not a known mitigation except avoiding the functionality of using ansible_facts as a subkey.", product_ids: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.9, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H", version: "3.1", }, products: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "Ansible: code injection when using ansible_facts as a subkey", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-10685", cwe: { id: "CWE-459", name: "Incomplete Cleanup", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1814627", }, ], notes: [ { category: "description", text: "A flaw was found on Ansible Engine when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory is created in /tmp leaves the secrets unencrypted.\r\n\r\nOn Operating Systems which /tmp is not a tmpfs but part of the root partition, the directory is only cleared on boot and the decrypted data remains when the host is switched off. The system will be vulnerable when the system is not running. So decrypted data must be cleared as soon as possible and the data which normally is encrypted is sensible.", title: "Vulnerability description", }, { category: "summary", text: "Ansible: modules which use files encrypted with vault are not properly cleaned up", title: "Vulnerability summary", }, { category: "other", text: "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\n* In Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-10685", }, { category: "external", summary: "RHBZ#1814627", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1814627", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-10685", url: "https://www.cve.org/CVERecord?id=CVE-2020-10685", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-10685", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-10685", }, ], release_date: "2020-03-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:10:54+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1542", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except by removing manually the temporary created file after every run.", product_ids: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Ansible: modules which use files encrypted with vault are not properly cleaned up", }, { acknowledgments: [ { names: [ "Felix Fountein", ], }, ], cve: "CVE-2020-10691", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2020-03-25T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1817161", }, ], notes: [ { category: "description", text: "An archive traversal flaw was found in Ansible Engine when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. An attacker could take advantage to overwrite any file within the system.", title: "Vulnerability description", }, { category: "summary", text: "Ansible: archive traversal vulnerability in ansible-galaxy collection install", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.9.6 as well as previous 2.9.x versions are affected. Ansible versions less than or equal to 2.8 are not affected by this vulnerability as this functionality was introduced on 2.9.\n\nAnsible Tower 3.6.3 as well as previous 3.6.x versions are affected as they use ansible-galaxy collections.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-10691", }, { category: "external", summary: "RHBZ#1817161", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1817161", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-10691", url: "https://www.cve.org/CVERecord?id=CVE-2020-10691", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-10691", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-10691", }, ], release_date: "2020-03-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:10:54+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1542", }, { category: "workaround", details: "A possible mitigation of archive traversal issue could be done by restricting file access control and directory write accesses for extracting tarball files. This is feasible only for scenarios when the destination path could be known and enforced beforehand.", product_ids: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 5.2, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L", version: "3.1", }, products: [ "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.7-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.7-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.7-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.7-1.el8ae.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Ansible: archive traversal vulnerability in ansible-galaxy collection install", }, ], }
RHBA-2020:0547
Vulnerability from csaf_redhat
Published
2020-02-18 15:13
Modified
2025-03-17 01:11
Summary
Red Hat Bug Fix Advisory: Container Image Rebuild for Ansible Tower 3.4 Dependency
Notes
Topic
Container Image Rebuild for Ansible Tower 3.4 Dependency
Details
The ansible-tower-memcached container image has been updated for Red Hat Ansible Tower 3.4 for RHEL 7 to address security advisories:
RHSA-2019:2030
RHSA-2019:2118
RHSA-2019:2136
RHSA-2019:2197
RHSA-2019:2237
RHSA-2019:2304
RHSA-2019:4190
RHSA-2020:0227
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Container Image Rebuild for Ansible Tower 3.4 Dependency", title: "Topic", }, { category: "general", text: "The ansible-tower-memcached container image has been updated for Red Hat Ansible Tower 3.4 for RHEL 7 to address security advisories:\n\nRHSA-2019:2030\nRHSA-2019:2118\nRHSA-2019:2136\nRHSA-2019:2197\nRHSA-2019:2237\nRHSA-2019:2304\nRHSA-2019:4190\nRHSA-2020:0227", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHBA-2020:0547", url: "https://access.redhat.com/errata/RHBA-2020:0547", }, { category: "external", summary: "https://access.redhat.com/errata/RHSA-2019:2030", url: "https://access.redhat.com/errata/RHSA-2019:2030", }, { category: "external", summary: "https://access.redhat.com/errata/RHSA-2019:2118", url: "https://access.redhat.com/errata/RHSA-2019:2118", }, { category: "external", summary: "https://access.redhat.com/errata/RHSA-2019:2136", url: "https://access.redhat.com/errata/RHSA-2019:2136", }, { category: "external", summary: "https://access.redhat.com/errata/RHSA-2019:2197", url: "https://access.redhat.com/errata/RHSA-2019:2197", }, { category: "external", summary: "https://access.redhat.com/errata/RHSA-2019:2237", url: "https://access.redhat.com/errata/RHSA-2019:2237", }, { category: "external", summary: "https://access.redhat.com/errata/RHSA-2019:2304", url: "https://access.redhat.com/errata/RHSA-2019:2304", }, { category: "external", summary: "https://access.redhat.com/errata/RHSA-2019:4190", url: "https://access.redhat.com/errata/RHSA-2019:4190", }, { category: "external", summary: "https://access.redhat.com/errata/RHSA-2020:0227", url: "https://access.redhat.com/errata/RHSA-2020:0227", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhba-2020_0547.json", }, ], title: "Red Hat Bug Fix Advisory: Container Image Rebuild for Ansible Tower 3.4 Dependency", tracking: { current_release_date: "2025-03-17T01:11:07+00:00", generator: { date: "2025-03-17T01:11:07+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHBA-2020:0547", initial_release_date: "2020-02-18T15:13:57+00:00", revision_history: [ { date: "2020-02-18T15:13:57+00:00", number: "1", summary: "Initial version", }, { date: "2020-02-18T15:13:57+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-17T01:11:07+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Ansible Tower 3.4 for RHEL 7 Server", product: { name: "Red Hat Ansible Tower 3.4 for RHEL 7 Server", product_id: "7Server-Ansible-Tower-3.4", product_identification_helper: { cpe: "cpe:/a:redhat:ansible_tower:3.4::el7", }, }, }, ], category: "product_family", name: "Red Hat Ansible Tower", }, { branches: [ { category: "product_version", name: "ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", product: { name: "ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", product_id: "ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", product_identification_helper: { purl: "pkg:oci/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c?arch=amd64&repository_url=registry.redhat.io/ansible-tower-37/ansible-tower-memcached-rhel7&tag=1.4.15-28", }, }, }, { category: "product_version", name: "ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", product: { name: "ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", product_id: "ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", product_identification_helper: { purl: "pkg:oci/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c?arch=amd64&repository_url=registry.redhat.io/ansible-tower-35/ansible-tower-memcached&tag=1.4.15-28", }, }, }, { category: "product_version", name: "ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", product: { name: "ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", product_id: "ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", product_identification_helper: { purl: "pkg:oci/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c?arch=amd64&repository_url=registry.redhat.io/ansible-tower-34/ansible-tower-memcached&tag=1.4.15-28", }, }, }, ], category: "architecture", name: "amd64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64 as a component of Red Hat Ansible Tower 3.4 for RHEL 7 Server", product_id: "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", }, product_reference: "ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", relates_to_product_reference: "7Server-Ansible-Tower-3.4", }, { category: "default_component_of", full_product_name: { name: "ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64 as a component of Red Hat Ansible Tower 3.4 for RHEL 7 Server", product_id: "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", }, product_reference: "ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", relates_to_product_reference: "7Server-Ansible-Tower-3.4", }, { category: "default_component_of", full_product_name: { name: "ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64 as a component of Red Hat Ansible Tower 3.4 for RHEL 7 Server", product_id: "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", }, product_reference: "ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", relates_to_product_reference: "7Server-Ansible-Tower-3.4", }, ], }, vulnerabilities: [ { cve: "CVE-2016-10739", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2016-02-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1347549", }, ], notes: [ { category: "description", text: "In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.", title: "Vulnerability description", }, { category: "summary", text: "glibc: getaddrinfo should reject IP addresses with trailing characters", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-10739", }, { category: "external", summary: "RHBZ#1347549", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1347549", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-10739", url: "https://www.cve.org/CVERecord?id=CVE-2016-10739", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-10739", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-10739", }, ], release_date: "2016-04-28T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "glibc: getaddrinfo should reject IP addresses with trailing characters", }, { cve: "CVE-2018-0495", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2018-06-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1591163", }, ], notes: [ { category: "description", text: "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", title: "Vulnerability description", }, { category: "summary", text: "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", title: "Vulnerability summary", }, { category: "other", text: "Since the 5.8.3 release, Red Hat CloudForms no longer uses libtomcrypt.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-0495", }, { category: "external", summary: "RHBZ#1591163", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1591163", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-0495", url: "https://www.cve.org/CVERecord?id=CVE-2018-0495", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-0495", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-0495", }, { category: "external", summary: "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", url: "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", }, ], release_date: "2018-06-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.1, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", }, { cve: "CVE-2018-0734", cwe: { id: "CWE-385", name: "Covert Timing Channel", }, discovery_date: "2018-10-30T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1644364", }, ], notes: [ { category: "description", text: "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).", title: "Vulnerability description", }, { category: "summary", text: "openssl: timing side channel attack in the DSA signature algorithm", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-0734", }, { category: "external", summary: "RHBZ#1644364", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1644364", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-0734", url: "https://www.cve.org/CVERecord?id=CVE-2018-0734", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-0734", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-0734", }, ], release_date: "2018-10-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.1, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "openssl: timing side channel attack in the DSA signature algorithm", }, { acknowledgments: [ { names: [ "Qualys Research Labs", ], }, ], cve: "CVE-2018-1122", cwe: { id: "CWE-829", name: "Inclusion of Functionality from Untrusted Control Sphere", }, discovery_date: "2018-05-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1575466", }, ], notes: [ { category: "description", text: "If the HOME environment variable is unset or empty, top will read its configuration file from the current working directory without any security check. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.", title: "Vulnerability description", }, { category: "summary", text: "procps: Local privilege escalation in top", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-1122", }, { category: "external", summary: "RHBZ#1575466", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1575466", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-1122", url: "https://www.cve.org/CVERecord?id=CVE-2018-1122", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-1122", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-1122", }, { category: "external", summary: "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt", url: "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt", }, ], release_date: "2018-05-17T17:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "procps: Local privilege escalation in top", }, { cve: "CVE-2018-5818", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, discovery_date: "2018-12-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1661608", }, ], notes: [ { category: "description", text: "An error within the \"parse_rollei()\" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to trigger an infinite loop.", title: "Vulnerability description", }, { category: "summary", text: "LibRaw: DoS in parse_rollei function in internal/dcraw_common.cpp", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-5818", }, { category: "external", summary: "RHBZ#1661608", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1661608", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-5818", url: "https://www.cve.org/CVERecord?id=CVE-2018-5818", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-5818", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-5818", }, ], release_date: "2018-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "LibRaw: DoS in parse_rollei function in internal/dcraw_common.cpp", }, { cve: "CVE-2018-5819", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2018-12-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1661604", }, ], notes: [ { category: "description", text: "An error within the \"parse_sinar_ia()\" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to exhaust available CPU resources.", title: "Vulnerability description", }, { category: "summary", text: "LibRaw: DoS in parse_sinar_ia function in internal/dcraw_common.cpp", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-5819", }, { category: "external", summary: "RHBZ#1661604", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1661604", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-5819", url: "https://www.cve.org/CVERecord?id=CVE-2018-5819", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-5819", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-5819", }, ], release_date: "2018-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "LibRaw: DoS in parse_sinar_ia function in internal/dcraw_common.cpp", }, { cve: "CVE-2018-12404", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2018-12-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1657913", }, ], notes: [ { category: "description", text: "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.", title: "Vulnerability description", }, { category: "summary", text: "nss: Cache side-channel variant of the Bleichenbacher attack", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-12404", }, { category: "external", summary: "RHBZ#1657913", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1657913", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-12404", url: "https://www.cve.org/CVERecord?id=CVE-2018-12404", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-12404", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-12404", }, ], release_date: "2018-11-30T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "nss: Cache side-channel variant of the Bleichenbacher attack", }, { cve: "CVE-2018-12641", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2018-06-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1594410", }, ], notes: [ { category: "description", text: "An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_arm_hp_template, demangle_class_name, demangle_fund_type, do_type, do_arg, demangle_args, and demangle_nested_args. This can occur during execution of nm-new.", title: "Vulnerability description", }, { category: "summary", text: "binutils: Stack Exhaustion in the demangling functions provided by libiberty", title: "Vulnerability summary", }, { category: "other", text: "The issue is classified as low severity primarily because binutils is not typically exposed to untrusted inputs in most environments, limiting its exploitation potential. The stack overflow in demangle_class_name() only triggers during the parsing of malformed ELF files, which would require an attacker to convince a user to process a malicious file with binutils. Moreover, binutils does not handle privileged operations, meaning exploitation is unlikely to lead to system compromise or escalation of privileges. Additionally, the impact is localized to the application itself, without affecting the broader system or network security.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-12641", }, { category: "external", summary: "RHBZ#1594410", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1594410", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-12641", url: "https://www.cve.org/CVERecord?id=CVE-2018-12641", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-12641", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-12641", }, ], release_date: "2018-04-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "binutils: Stack Exhaustion in the demangling functions provided by libiberty", }, { cve: "CVE-2018-12697", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, discovery_date: "2018-06-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1595417", }, ], notes: [ { category: "description", text: "A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump.", title: "Vulnerability description", }, { category: "summary", text: "binutils: NULL pointer dereference in work_stuff_copy_to_from in cplus-dem.c.", title: "Vulnerability summary", }, { category: "other", text: "This issue is classified with a low severity primarily because binutils is not typically exposed to untrusted inputs in most environments, limiting the possibility of exploitation. Additionally, this NULL pointer dereference is only triggered during the parsing of a specially crafted file, requiring an attacker to convince a user to process this file with objdump. Furthermore, binutils does not handle privileged operations, meaning that exploitation is unlikely to lead to system compromise or escalation of privileges. Also, the impact is limited to the application itself, without affecting the broader system or network security.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-12697", }, { category: "external", summary: "RHBZ#1595417", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1595417", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-12697", url: "https://www.cve.org/CVERecord?id=CVE-2018-12697", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-12697", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-12697", }, ], release_date: "2018-04-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "binutils: NULL pointer dereference in work_stuff_copy_to_from in cplus-dem.c.", }, { acknowledgments: [ { names: [ "the Curl project", ], }, { names: [ "Zhaoyang Wu", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2018-14618", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2018-08-27T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1622707", }, ], notes: [ { category: "description", text: "curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.)", title: "Vulnerability description", }, { category: "summary", text: "curl: NTLM password overflow via integer overflow", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14618", }, { category: "external", summary: "RHBZ#1622707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1622707", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14618", url: "https://www.cve.org/CVERecord?id=CVE-2018-14618", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14618", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14618", }, { category: "external", summary: "https://curl.haxx.se/docs/CVE-2018-14618.html", url: "https://curl.haxx.se/docs/CVE-2018-14618.html", }, ], release_date: "2018-09-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "curl: NTLM password overflow via integer overflow", }, { acknowledgments: [ { names: [ "the Python Security Response Team", ], }, ], cve: "CVE-2018-14647", cwe: { id: "CWE-335", name: "Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)", }, discovery_date: "2018-09-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1631822", }, ], notes: [ { category: "description", text: "Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by contructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM.", title: "Vulnerability description", }, { category: "summary", text: "python: Missing salt initialization in _elementtree.c module", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14647", }, { category: "external", summary: "RHBZ#1631822", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1631822", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14647", url: "https://www.cve.org/CVERecord?id=CVE-2018-14647", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14647", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14647", }, { category: "external", summary: "https://bugs.python.org/issue34623", url: "https://bugs.python.org/issue34623", }, ], release_date: "2018-09-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "python: Missing salt initialization in _elementtree.c module", }, { acknowledgments: [ { names: [ "Jann Horn", ], organization: "Google Project Zero", }, { names: [ "Ubuntu", ], }, ], cve: "CVE-2018-15686", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2018-10-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1639071", }, ], notes: [ { category: "description", text: "It was discovered that systemd is vulnerable to a state injection attack when deserializing the state of a service. Properties longer than LINE_MAX are not correctly parsed and an attacker may abuse this flaw in particularly configured services to inject, change, or corrupt the service state.", title: "Vulnerability description", }, { category: "summary", text: "systemd: line splitting via fgets() allows for state injection during daemon-reexec", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-15686", }, { category: "external", summary: "RHBZ#1639071", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1639071", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-15686", url: "https://www.cve.org/CVERecord?id=CVE-2018-15686", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-15686", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-15686", }, ], release_date: "2018-10-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 3.6, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "systemd: line splitting via fgets() allows for state injection during daemon-reexec", }, { cve: "CVE-2018-16062", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2018-08-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1623752", }, ], notes: [ { category: "description", text: "An out-of-bounds read was discovered in elfutils in the way it reads DWARF address ranges information. Function dwarf_getaranges() in dwarf_getaranges.c does not properly check whether it reads beyond the limits of the ELF section. An attacker could use this flaw to cause a denial of service via a crafted file.", title: "Vulnerability description", }, { category: "summary", text: "elfutils: Heap-based buffer over-read in libdw/dwarf_getaranges.c:dwarf_getaranges() via crafted file", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-16062", }, { category: "external", summary: "RHBZ#1623752", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1623752", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-16062", url: "https://www.cve.org/CVERecord?id=CVE-2018-16062", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-16062", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-16062", }, ], release_date: "2018-08-17T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "elfutils: Heap-based buffer over-read in libdw/dwarf_getaranges.c:dwarf_getaranges() via crafted file", }, { cve: "CVE-2018-16402", cwe: { id: "CWE-416", name: "Use After Free", }, discovery_date: "2018-09-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1625050", }, ], notes: [ { category: "description", text: "libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.", title: "Vulnerability description", }, { category: "summary", text: "elfutils: Double-free due to double decompression of sections in crafted ELF causes crash", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-16402", }, { category: "external", summary: "RHBZ#1625050", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1625050", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-16402", url: "https://www.cve.org/CVERecord?id=CVE-2018-16402", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-16402", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-16402", }, ], release_date: "2018-08-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "elfutils: Double-free due to double decompression of sections in crafted ELF causes crash", }, { cve: "CVE-2018-16403", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2018-09-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1625055", }, ], notes: [ { category: "description", text: "libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash.", title: "Vulnerability description", }, { category: "summary", text: "elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libwd/dwarf_hasattr.c causes crash", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-16403", }, { category: "external", summary: "RHBZ#1625055", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1625055", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-16403", url: "https://www.cve.org/CVERecord?id=CVE-2018-16403", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-16403", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-16403", }, ], release_date: "2018-08-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libwd/dwarf_hasattr.c causes crash", }, { acknowledgments: [ { names: [ "the Curl project", ], }, { names: [ "Brian Carpenter", ], organization: "Geeknik Labs", summary: "Acknowledged by upstream.", }, ], cve: "CVE-2018-16842", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2018-10-28T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1644124", }, ], notes: [ { category: "description", text: "Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.", title: "Vulnerability description", }, { category: "summary", text: "curl: Heap-based buffer over-read in the curl tool warning formatting", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-16842", }, { category: "external", summary: "RHBZ#1644124", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1644124", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-16842", url: "https://www.cve.org/CVERecord?id=CVE-2018-16842", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-16842", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-16842", }, { category: "external", summary: "https://curl.haxx.se/docs/CVE-2018-16842.html", url: "https://curl.haxx.se/docs/CVE-2018-16842.html", }, ], release_date: "2018-10-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 3.6, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "curl: Heap-based buffer over-read in the curl tool warning formatting", }, { acknowledgments: [ { names: [ "Qualys Research Labs", ], }, ], cve: "CVE-2018-16866", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2018-11-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1653867", }, ], notes: [ { category: "description", text: "An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data.", title: "Vulnerability description", }, { category: "summary", text: "systemd: out-of-bounds read when parsing a crafted syslog message", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the versions of systemd as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having a security impact of Moderate. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.\n\nRed Hat Virtualization Hypervisor and Management Appliance include vulnerable versions of systemd. However, since exploitation requires local access and impact is restricted to information disclosure, this flaw is rated as having a security issue of Low. Future updates may address this issue.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-16866", }, { category: "external", summary: "RHBZ#1653867", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1653867", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-16866", url: "https://www.cve.org/CVERecord?id=CVE-2018-16866", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-16866", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-16866", }, { category: "external", summary: "https://www.qualys.com/2019/01/09/system-down/system-down.txt", url: "https://www.qualys.com/2019/01/09/system-down/system-down.txt", }, ], release_date: "2019-01-09T18:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "systemd: out-of-bounds read when parsing a crafted syslog message", }, { cve: "CVE-2018-16888", cwe: { id: "CWE-250", name: "Execution with Unnecessary Privileges", }, discovery_date: "2019-01-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1662867", }, ], notes: [ { category: "description", text: "It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes.", title: "Vulnerability description", }, { category: "summary", text: "systemd: kills privileged process if unprivileged PIDFile was tampered", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-16888", }, { category: "external", summary: "RHBZ#1662867", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1662867", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-16888", url: "https://www.cve.org/CVERecord?id=CVE-2018-16888", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-16888", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-16888", }, ], release_date: "2017-08-17T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "systemd: kills privileged process if unprivileged PIDFile was tampered", }, { cve: "CVE-2018-18310", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2018-10-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1642604", }, ], notes: [ { category: "description", text: "An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.", title: "Vulnerability description", }, { category: "summary", text: "elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the versions of elfutils as shipped with Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-18310", }, { category: "external", summary: "RHBZ#1642604", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1642604", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-18310", url: "https://www.cve.org/CVERecord?id=CVE-2018-18310", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-18310", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-18310", }, ], release_date: "2018-10-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl", }, { cve: "CVE-2018-18520", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, discovery_date: "2018-10-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1646477", }, ], notes: [ { category: "description", text: "An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.", title: "Vulnerability description", }, { category: "summary", text: "elfutils: eu-size cannot handle recursive ar files", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the versions of elfutils as shipped with Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-18520", }, { category: "external", summary: "RHBZ#1646477", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1646477", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-18520", url: "https://www.cve.org/CVERecord?id=CVE-2018-18520", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-18520", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-18520", }, ], release_date: "2018-10-17T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "elfutils: eu-size cannot handle recursive ar files", }, { cve: "CVE-2018-18521", cwe: { id: "CWE-369", name: "Divide By Zero", }, discovery_date: "2018-10-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1646482", }, ], notes: [ { category: "description", text: "Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.", title: "Vulnerability description", }, { category: "summary", text: "elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the versions of elfutils as shipped with Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-18521", }, { category: "external", summary: "RHBZ#1646482", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1646482", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-18521", url: "https://www.cve.org/CVERecord?id=CVE-2018-18521", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-18521", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-18521", }, ], release_date: "2018-10-17T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c", }, { cve: "CVE-2018-20217", cwe: { id: "CWE-617", name: "Reachable Assertion", }, discovery_date: "2018-12-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1665296", }, ], notes: [ { category: "description", text: "A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request.", title: "Vulnerability description", }, { category: "summary", text: "krb5: Reachable assertion in the KDC using S4U2Self requests", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-20217", }, { category: "external", summary: "RHBZ#1665296", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1665296", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-20217", url: "https://www.cve.org/CVERecord?id=CVE-2018-20217", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-20217", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-20217", }, ], release_date: "2018-12-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "krb5: Reachable assertion in the KDC using S4U2Self requests", }, { cve: "CVE-2018-1000876", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2018-12-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1664699", }, ], notes: [ { category: "description", text: "binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code.. This attack appear to be exploitable via Local. This vulnerability appears to have been fixed in after commit 3a551c7a1b80fca579461774860574eabfd7f18f.", title: "Vulnerability description", }, { category: "summary", text: "binutils: integer overflow leads to heap-based buffer overflow in objdump", title: "Vulnerability summary", }, { category: "other", text: "The issue is classified as moderate severity primarily because of the unlikelihood of running a 32bit compiled objdump and/or having a compiled binary that uses 32bit compiled binutils libraries to analyze binaries from a not trusted source. Moreover, binutils does not handle privileged operations, meaning exploitation is unlikely to lead to system compromise or escalation of privileges. Additionally, the impact is localized to the application itself, without affecting the broader system or network security. \n\nAs per upstream binutils security policy this issue is not considered as a security flaw. Basically the key element of the policy that affects this is the understanding that analysis of untrusted binaries must always be done in a sandbox because the ELF format is open ended enough to make the analysis tools do anything, like including and processing arbitrary files. This eliminates the only possible vulnerability vector here, which is the possibility of a user being tricked into downloading and analyzing an untrusted ELF without sandboxing.\n\nSee the binutils security policy for more details:\nhttps://sourceware.org/cgit/binutils-gdb/tree/binutils/SECURITY.txt", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-1000876", }, { category: "external", summary: "RHBZ#1664699", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1664699", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-1000876", url: "https://www.cve.org/CVERecord?id=CVE-2018-1000876", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-1000876", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-1000876", }, ], release_date: "2018-12-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "binutils: integer overflow leads to heap-based buffer overflow in objdump", }, { cve: "CVE-2019-1559", cwe: { id: "CWE-325", name: "Missing Cryptographic Step", }, discovery_date: "2019-02-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1683804", }, ], notes: [ { category: "description", text: "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).", title: "Vulnerability description", }, { category: "summary", text: "openssl: 0-byte record padding oracle", title: "Vulnerability summary", }, { category: "other", text: "1 For this issue to be exploitable, the (server) application using the OpenSSL library needs to use it incorrectly.\n2. There are multiple other requirements for the attack to succeed: \n - The ciphersuite used must be obsolete CBC cipher without a stitched implementation (or the system be in FIPS mode)\n - the attacker has to be a MITM\n - the attacker has to be able to control the client side to send requests to the buggy server on demand", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-1559", }, { category: "external", summary: "RHBZ#1683804", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1683804", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-1559", url: "https://www.cve.org/CVERecord?id=CVE-2019-1559", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-1559", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-1559", }, { category: "external", summary: "https://github.com/RUB-NDS/TLS-Padding-Oracles", url: "https://github.com/RUB-NDS/TLS-Padding-Oracles", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20190226.txt", url: "https://www.openssl.org/news/secadv/20190226.txt", }, ], release_date: "2019-02-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, { category: "workaround", details: "As a workaround you can disable SHA384 if applications (compiled with OpenSSL) allow for adjustment of the ciphersuite string configuration.", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "openssl: 0-byte record padding oracle", }, { acknowledgments: [ { names: [ "the libssh2 project", ], }, { names: [ "Chris Coulson", ], organization: "Canonical Ltd.", summary: "Acknowledged by upstream.", }, ], cve: "CVE-2019-3858", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2019-03-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1687306", }, ], notes: [ { category: "description", text: "An out of bounds read flaw was discovered in libssh2 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a denial of service or read data in the client memory.", title: "Vulnerability description", }, { category: "summary", text: "libssh2: Zero-byte allocation with a specially crafted SFTP packed leading to an out-of-bounds read", title: "Vulnerability summary", }, { category: "other", text: "This flaw was present in libssh2 packages included in Red Hat Virtualization Hypervisor and Management Appliance, however libssh2 in these hosts is never exposed to malicious clients or servers.\n\nlibssh2 is no longer included in the virt module since Red Hat Enterprise Linux 8.1.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-3858", }, { category: "external", summary: "RHBZ#1687306", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1687306", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-3858", url: "https://www.cve.org/CVERecord?id=CVE-2019-3858", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-3858", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-3858", }, { category: "external", summary: "https://www.libssh2.org/CVE-2019-3858.html", url: "https://www.libssh2.org/CVE-2019-3858.html", }, ], release_date: "2019-03-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libssh2: Zero-byte allocation with a specially crafted SFTP packed leading to an out-of-bounds read", }, { acknowledgments: [ { names: [ "the libssh2 project", ], }, { names: [ "Chris Coulson", ], organization: "Canonical Ltd.", summary: "Acknowledged by upstream.", }, ], cve: "CVE-2019-3861", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2019-03-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1687311", }, ], notes: [ { category: "description", text: "An out of bounds read flaw was discovered in libssh2 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a denial of service or read data in the client memory.", title: "Vulnerability description", }, { category: "summary", text: "libssh2: Out-of-bounds reads with specially crafted SSH packets", title: "Vulnerability summary", }, { category: "other", text: "This flaw was present in libssh2 packages included in Red Hat Virtualization Hypervisor and Management Appliance, however libssh2 in these hosts is never exposed to malicious clients or servers.\n\nlibssh2 is no longer included in the virt module since Red Hat Enterprise Linux 8.1.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-3861", }, { category: "external", summary: "RHBZ#1687311", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1687311", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-3861", url: "https://www.cve.org/CVERecord?id=CVE-2019-3861", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-3861", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-3861", }, { category: "external", summary: "https://www.libssh2.org/CVE-2019-3861.html", url: "https://www.libssh2.org/CVE-2019-3861.html", }, ], release_date: "2019-03-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libssh2: Out-of-bounds reads with specially crafted SSH packets", }, { acknowledgments: [ { names: [ "the libssh2 project", ], }, { names: [ "Chris Coulson", ], organization: "Canonical Ltd.", summary: "Acknowledged by upstream.", }, ], cve: "CVE-2019-3862", cwe: { id: "CWE-130", name: "Improper Handling of Length Parameter Inconsistency", }, discovery_date: "2019-03-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1687312", }, ], notes: [ { category: "description", text: "An out of bounds read flaw was discovered in libssh2 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a denial of service or read data in the client memory.", title: "Vulnerability description", }, { category: "summary", text: "libssh2: Out-of-bounds memory comparison with specially crafted message channel request", title: "Vulnerability summary", }, { category: "other", text: "This flaw was present in libssh2 packages included in Red Hat Virtualization Hypervisor and Management Appliance, however libssh2 in these hosts is never exposed to malicious clients or servers.\n\nlibssh2 is no longer included in the virt module since Red Hat Enterprise Linux 8.1.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-3862", }, { category: "external", summary: "RHBZ#1687312", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1687312", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-3862", url: "https://www.cve.org/CVERecord?id=CVE-2019-3862", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-3862", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-3862", }, { category: "external", summary: "https://www.libssh2.org/CVE-2019-3862.html", url: "https://www.libssh2.org/CVE-2019-3862.html", }, ], release_date: "2019-03-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libssh2: Out-of-bounds memory comparison with specially crafted message channel request", }, { cve: "CVE-2019-5010", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, discovery_date: "2019-01-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1666519", }, ], notes: [ { category: "description", text: "A null pointer dereference vulnerability was found in the certificate parsing code in Python. This causes a denial of service to applications when parsing specially crafted certificates. This vulnerability is unlikely to be triggered if application enables SSL/TLS certificate validation and accepts certificates only from trusted root certificate authorities.", title: "Vulnerability description", }, { category: "summary", text: "python: NULL pointer dereference using a specially crafted X509 certificate", title: "Vulnerability summary", }, { category: "other", text: "This issue did not affect the versions of python as shipped with Red Hat Enterprise Linux 5 and 6.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-5010", }, { category: "external", summary: "RHBZ#1666519", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1666519", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-5010", url: "https://www.cve.org/CVERecord?id=CVE-2019-5010", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-5010", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-5010", }, { category: "external", summary: "https://python-security.readthedocs.io/vuln/ssl-crl-dps-dos.html", url: "https://python-security.readthedocs.io/vuln/ssl-crl-dps-dos.html", }, ], release_date: "2019-01-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "python: NULL pointer dereference using a specially crafted X509 certificate", }, { cve: "CVE-2019-7149", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2019-01-28T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1671443", }, ], notes: [ { category: "description", text: "A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm.", title: "Vulnerability description", }, { category: "summary", text: "elfutils: heap-based buffer over-read in read_srclines in dwarf_getsrclines.c in libdw", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-7149", }, { category: "external", summary: "RHBZ#1671443", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1671443", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-7149", url: "https://www.cve.org/CVERecord?id=CVE-2019-7149", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-7149", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-7149", }, ], release_date: "2019-01-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "elfutils: heap-based buffer over-read in read_srclines in dwarf_getsrclines.c in libdw", }, { cve: "CVE-2019-7150", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2019-01-28T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1671446", }, ], notes: [ { category: "description", text: "An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.", title: "Vulnerability description", }, { category: "summary", text: "elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-7150", }, { category: "external", summary: "RHBZ#1671446", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1671446", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-7150", url: "https://www.cve.org/CVERecord?id=CVE-2019-7150", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-7150", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-7150", }, ], release_date: "2018-10-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c", }, { cve: "CVE-2019-7664", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2019-02-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1677536", }, ], notes: [ { category: "description", text: "In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service (program crash).", title: "Vulnerability description", }, { category: "summary", text: "elfutils: out of bound write in elf_cvt_note in libelf/note_xlate.h", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-7664", }, { category: "external", summary: "RHBZ#1677536", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1677536", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-7664", url: "https://www.cve.org/CVERecord?id=CVE-2019-7664", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-7664", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-7664", }, ], release_date: "2019-01-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "elfutils: out of bound write in elf_cvt_note in libelf/note_xlate.h", }, { cve: "CVE-2019-7665", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2019-02-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1677538", }, ], notes: [ { category: "description", text: "In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.", title: "Vulnerability description", }, { category: "summary", text: "elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-7665", }, { category: "external", summary: "RHBZ#1677538", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1677538", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-7665", url: "https://www.cve.org/CVERecord?id=CVE-2019-7665", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-7665", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-7665", }, ], release_date: "2019-01-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c", }, { cve: "CVE-2019-9740", cwe: { id: "CWE-113", name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", }, discovery_date: "2019-03-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1688169", }, ], notes: [ { category: "description", text: "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.", title: "Vulnerability description", }, { category: "summary", text: "python: CRLF injection via the query part of the url passed to urlopen()", title: "Vulnerability summary", }, { category: "other", text: "This issue affects:\n* All current versions of Red Hat OpenStack Platform. However, version 8 is due to retire on the 20th of April 2019, there are no more planned releases prior to this date.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-9740", }, { category: "external", summary: "RHBZ#1688169", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1688169", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-9740", url: "https://www.cve.org/CVERecord?id=CVE-2019-9740", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-9740", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-9740", }, ], release_date: "2019-03-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "python: CRLF injection via the query part of the url passed to urlopen()", }, { cve: "CVE-2019-9947", cwe: { id: "CWE-113", name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", }, discovery_date: "2019-03-28T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1695572", }, ], notes: [ { category: "description", text: "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.", title: "Vulnerability description", }, { category: "summary", text: "python: CRLF injection via the path part of the url passed to urlopen()", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-9947", }, { category: "external", summary: "RHBZ#1695572", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1695572", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-9947", url: "https://www.cve.org/CVERecord?id=CVE-2019-9947", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-9947", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-9947", }, ], release_date: "2019-03-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "python: CRLF injection via the path part of the url passed to urlopen()", }, { cve: "CVE-2019-9948", cwe: { id: "CWE-749", name: "Exposed Dangerous Method or Function", }, discovery_date: "2019-03-28T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1695570", }, ], notes: [ { category: "description", text: "urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.", title: "Vulnerability description", }, { category: "summary", text: "python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-9948", }, { category: "external", summary: "RHBZ#1695570", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1695570", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-9948", url: "https://www.cve.org/CVERecord?id=CVE-2019-9948", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-9948", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-9948", }, ], release_date: "2019-03-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, { category: "workaround", details: "If your application uses a blacklist to prevent \"file://\" schema from being used, consider using a whitelist approach to just allow the schemas you want or add \"local_file://\" schema to your blacklist.", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms", }, { acknowledgments: [ { names: [ "the Mozilla project", ], }, { names: [ "Jonas Allmann", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2019-11729", cwe: { id: "CWE-120", name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", }, discovery_date: "2019-07-10T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1728437", }, ], notes: [ { category: "description", text: "Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.", title: "Vulnerability description", }, { category: "summary", text: "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", title: "Vulnerability summary", }, { category: "other", text: "Firefox on Red Hat Enterprise Linux is built against the system nss library.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-11729", }, { category: "external", summary: "RHBZ#1728437", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1728437", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-11729", url: "https://www.cve.org/CVERecord?id=CVE-2019-11729", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-11729", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-11729", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", }, ], release_date: "2019-07-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", }, { acknowledgments: [ { names: [ "the Mozilla Project", ], }, ], cve: "CVE-2019-11745", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2019-11-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1774831", }, ], notes: [ { category: "description", text: "A heap-based buffer overflow was found in the NSC_EncryptUpdate() function in Mozilla nss. A remote attacker could trigger this flaw via SRTP encrypt or decrypt operations, to execute arbitrary code with the permissions of the user running the application (compiled with nss). While the attack complexity is high, the impact to confidentiality, integrity, and availability are high as well.", title: "Vulnerability description", }, { category: "summary", text: "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", title: "Vulnerability summary", }, { category: "other", text: "Firefox and Thunderbird on Red Hat Enterprise Linux are built against the system nss library.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-11745", }, { category: "external", summary: "RHBZ#1774831", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1774831", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-11745", url: "https://www.cve.org/CVERecord?id=CVE-2019-11745", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-11745", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-11745", }, { category: "external", summary: "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", url: "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", }, { category: "external", summary: "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", url: "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", }, ], release_date: "2019-11-21T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", }, { cve: "CVE-2019-13734", discovery_date: "2019-12-10T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1781980", }, ], notes: [ { category: "description", text: "Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", title: "Vulnerability description", }, { category: "summary", text: "sqlite: fts3: improve shadow table corruption detection", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-13734", }, { category: "external", summary: "RHBZ#1781980", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1781980", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-13734", url: "https://www.cve.org/CVERecord?id=CVE-2019-13734", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-13734", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-13734", }, { category: "external", summary: "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", url: "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", }, ], release_date: "2019-12-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "sqlite: fts3: improve shadow table corruption detection", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1734", cwe: { id: "CWE-78", name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", }, discovery_date: "2019-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1801804", }, ], notes: [ { category: "description", text: "A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by overwriting the ansible facts.", title: "Vulnerability description", }, { category: "summary", text: "ansible: shell enabled by default in a pipe lookup plugin subprocess", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1734", }, { category: "external", summary: "RHBZ#1801804", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1801804", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1734", url: "https://www.cve.org/CVERecord?id=CVE-2020-1734", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1734", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1734", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, { category: "workaround", details: "This issue can be avoided by escaping variables which are used in the lookup.", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ansible: shell enabled by default in a pipe lookup plugin subprocess", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1735", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802085", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node.", title: "Vulnerability description", }, { category: "summary", text: "ansible: path injection on dest parameter in fetch module", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1735", }, { category: "external", summary: "RHBZ#1802085", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802085", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1735", url: "https://www.cve.org/CVERecord?id=CVE-2020-1735", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1735", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1735", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except avoid using the affected fetch module when possible.", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.2, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ansible: path injection on dest parameter in fetch module", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1736", cwe: { id: "CWE-732", name: "Incorrect Permission Assignment for Critical Resource", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802124", }, ], notes: [ { category: "description", text: "A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions before the move. This issue affects only the newly created files and not existing ones. If the file already exists at the final destination, those permissions are retained. This could lead to the disclosure of sensitive data.", title: "Vulnerability description", }, { category: "summary", text: "ansible: atomic_move primitive sets permissive permissions", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.8.14 and 2.9.12 as well as previous versions and all 2.7.x versions are affected.\n\nAnsible Tower 3.6.5 and 3.7.2 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1736", }, { category: "external", summary: "RHBZ#1802124", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802124", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1736", url: "https://www.cve.org/CVERecord?id=CVE-2020-1736", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1736", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1736", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, { category: "workaround", details: "This issue can be mitigated by specifying the \"mode\" on the task. That just leaves a race condition in place where newly created files that specify a mode in the task briefly go from 666 - umask to the final mode. An alternative workaround if many new files are created and to avoid setting a specific mode for each file would be to set the \"mode\" to \"preserve\" value. That will maintain the permissions of the source file on the controller in the final file on the managed host.", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 2.2, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: atomic_move primitive sets permissive permissions", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1737", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2020-02-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802154", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal.", title: "Vulnerability description", }, { category: "summary", text: "ansible: Extract-Zip function in win_unzip module does not check extracted path", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1737", }, { category: "external", summary: "RHBZ#1802154", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802154", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1737", url: "https://www.cve.org/CVERecord?id=CVE-2020-1737", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1737", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1737", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except avoid using the affected win_unzip module when possible.", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ansible: Extract-Zip function in win_unzip module does not check extracted path", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1738", cwe: { id: "CWE-88", name: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802164", }, ], notes: [ { category: "description", text: "A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file.", title: "Vulnerability description", }, { category: "summary", text: "ansible: module package can be selected by the ansible facts", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1738", }, { category: "external", summary: "RHBZ#1802164", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802164", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1738", url: "https://www.cve.org/CVERecord?id=CVE-2020-1738", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1738", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1738", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, { category: "workaround", details: "Specify the parameter 'use' when possible on the package and service modules. Avoid using Ansible Collections on Ansible 2.8.9 or 2.7.16 (and any of the previous versions) as they are not rejecting python with no path (already fixed in 2.9.x).", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 3.9, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: module package can be selected by the ansible facts", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1739", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802178", }, ], notes: [ { category: "description", text: "A flaw was found in Ansible Engine. When a password is set with the argument \"password\" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs.", title: "Vulnerability description", }, { category: "summary", text: "ansible: svn module leaks password when specified as a parameter", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1739", }, { category: "external", summary: "RHBZ#1802178", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802178", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1739", url: "https://www.cve.org/CVERecord?id=CVE-2020-1739", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1739", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1739", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, { category: "workaround", details: "Instead of using the parameter 'password' of the subversion module, provide the password with stdin.", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.9, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: svn module leaks password when specified as a parameter", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1740", cwe: { id: "CWE-377", name: "Insecure Temporary File", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802193", }, ], notes: [ { category: "description", text: "A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes \"ansible-vault edit\", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely.", title: "Vulnerability description", }, { category: "summary", text: "ansible: secrets readable after ansible-vault edit", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1740", }, { category: "external", summary: "RHBZ#1802193", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802193", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1740", url: "https://www.cve.org/CVERecord?id=CVE-2020-1740", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1740", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1740", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except avoid using the 'edit' option from 'ansible-vault' command line tool.", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.9, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: secrets readable after ansible-vault edit", }, { acknowledgments: [ { names: [ "Felix Fountein", ], }, ], cve: "CVE-2020-1746", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2019-12-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1805491", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine when the ldap_attr and ldap_entry community modules are used. The issue discloses the LDAP bind password to stdout or a log file if a playbook task is written using the bind_pw in the parameters field. The highest threat from this vulnerability is data confidentiality.", title: "Vulnerability description", }, { category: "summary", text: "ansible: Information disclosure issue in ldap_attr and ldap_entry modules", title: "Vulnerability summary", }, { category: "other", text: "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\n* Red Hat Gluster Storage and Red Hat Ceph Storage no longer maintains their own version of Ansible. The fix will be provided from core Ansible. But we still ship ansible separately for ceph ubuntu.\n\n* In Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1746", }, { category: "external", summary: "RHBZ#1805491", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1805491", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1746", url: "https://www.cve.org/CVERecord?id=CVE-2020-1746", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1746", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1746", }, ], release_date: "2020-02-28T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, { category: "workaround", details: "Using args keyword and embedding the ldap_auth variable instead of using bind_pw parameter would mitigate this issue.", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: Information disclosure issue in ldap_attr and ldap_entry modules", }, { acknowledgments: [ { names: [ "Abhijeet Kasurde", ], organization: "Red Hat", summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2020-1753", cwe: { id: "CWE-532", name: "Insertion of Sensitive Information into Log File", }, discovery_date: "2020-03-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1811008", }, ], notes: [ { category: "description", text: "A security flaw was found in the Ansible Engine when managing Kubernetes using the k8s connection plugin. Sensitive parameters such as passwords and tokens are passed to the kubectl command line instead of using environment variables or an input configuration file, which is safer. This flaw discloses passwords and tokens from the process list, and the no_log directive from the debug module would not be reflected in the underlying command-line tools options, displaying passwords and tokens on stdout and log files.", title: "Vulnerability description", }, { category: "summary", text: "Ansible: kubectl connection plugin leaks sensitive information", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.17, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1753", }, { category: "external", summary: "RHBZ#1811008", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1811008", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1753", url: "https://www.cve.org/CVERecord?id=CVE-2020-1753", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1753", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1753", }, ], release_date: "2020-03-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, { category: "workaround", details: "Currently, there is no mitigation for this issue.", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Ansible: kubectl connection plugin leaks sensitive information", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-10684", cwe: { id: "CWE-862", name: "Missing Authorization", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1815519", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine. When using ansible_facts as a subkey of itself, and promoting it to a variable when injecting is enabled, overwriting the ansible_facts after the clean, an attacker could take advantage of this by altering the ansible_facts leading to privilege escalation or code injection. The highest threat from this vulnerability are to data integrity and system availability.", title: "Vulnerability description", }, { category: "summary", text: "Ansible: code injection when using ansible_facts as a subkey", title: "Vulnerability summary", }, { category: "other", text: "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n* Red Hat Gluster Storage and Red Hat Ceph Storage no longer maintains their own version of Ansible. The fix will be consumed from core Ansible. But we still ship ansible separately for ceph ubuntu.\n* Red Hat OpenStack Platform does package the affected code. However, because RHOSP does not use ansible_facts as a subkey directly, the RHOSP impact has been reduced to Moderate and no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-10684", }, { category: "external", summary: "RHBZ#1815519", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1815519", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-10684", url: "https://www.cve.org/CVERecord?id=CVE-2020-10684", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-10684", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-10684", }, ], release_date: "2020-03-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, { category: "workaround", details: "Currently, there is not a known mitigation except avoiding the functionality of using ansible_facts as a subkey.", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.9, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "Ansible: code injection when using ansible_facts as a subkey", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-10685", cwe: { id: "CWE-459", name: "Incomplete Cleanup", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1814627", }, ], notes: [ { category: "description", text: "A flaw was found on Ansible Engine when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory is created in /tmp leaves the secrets unencrypted.\r\n\r\nOn Operating Systems which /tmp is not a tmpfs but part of the root partition, the directory is only cleared on boot and the decrypted data remains when the host is switched off. The system will be vulnerable when the system is not running. So decrypted data must be cleared as soon as possible and the data which normally is encrypted is sensible.", title: "Vulnerability description", }, { category: "summary", text: "Ansible: modules which use files encrypted with vault are not properly cleaned up", title: "Vulnerability summary", }, { category: "other", text: "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\n* In Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-10685", }, { category: "external", summary: "RHBZ#1814627", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1814627", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-10685", url: "https://www.cve.org/CVERecord?id=CVE-2020-10685", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-10685", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-10685", }, ], release_date: "2020-03-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-18T15:13:57+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:0547", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except by removing manually the temporary created file after every run.", product_ids: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Ansible: modules which use files encrypted with vault are not properly cleaned up", }, ], }
rhsa-2020_1543
Vulnerability from csaf_redhat
Published
2020-04-22 14:11
Modified
2024-11-15 08:28
Summary
Red Hat Security Advisory: Ansible security and bug fix update (2.8.11)
Notes
Topic
An update for ansible is now available for Ansible Engine 2.8
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details
Ansible is a simple model-driven configuration management, multi-node
deployment, and remote-task execution system. Ansible works over SSH and
does not require any software or daemons to be installed on remote nodes.
Extension modules can be written in any language and are transferred to
managed machines automatically.
The following packages have been upgraded to a newer upstream version:
ansible (2.8.11)
Bug Fix(es):
* CVE-2020-10684 Ansible: code injection when using ansible_facts as a
subkey
* CVE-2020-10685 Ansible: modules which use files encrypted with vault are
not properly cleaned up
* CVE-2020-1733 ansible: insecure temporary directory when running
become_user from become directive
* CVE-2020-1735 ansible: path injection on dest parameter in fetch module
* CVE-2020-1737 ansible: Extract-Zip function in win_unzip module does not
check extracted path
* CVE-2020-1739 ansible: svn module leaks password when specified as a
parameter
* CVE-2020-1740 ansible: secrets readable after ansible-vault edit
* CVE-2020-1746 ansible: Information disclosure issue in ldap_attr and
ldap_entry modules
See:
https://github.com/ansible/ansible/blob/v2.8.11/changelogs/CHANGELOG-v2.8.rst
for details on bug fixes in this release.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for ansible is now available for Ansible Engine 2.8\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Ansible is a simple model-driven configuration management, multi-node\ndeployment, and remote-task execution system. Ansible works over SSH and\ndoes not require any software or daemons to be installed on remote nodes.\nExtension modules can be written in any language and are transferred to\nmanaged machines automatically.\n\nThe following packages have been upgraded to a newer upstream version:\nansible (2.8.11)\n\nBug Fix(es):\n* CVE-2020-10684 Ansible: code injection when using ansible_facts as a\nsubkey\n* CVE-2020-10685 Ansible: modules which use files encrypted with vault are\nnot properly cleaned up\n* CVE-2020-1733 ansible: insecure temporary directory when running\nbecome_user from become directive\n* CVE-2020-1735 ansible: path injection on dest parameter in fetch module\n* CVE-2020-1737 ansible: Extract-Zip function in win_unzip module does not\ncheck extracted path\n* CVE-2020-1739 ansible: svn module leaks password when specified as a\nparameter\n* CVE-2020-1740 ansible: secrets readable after ansible-vault edit\n* CVE-2020-1746 ansible: Information disclosure issue in ldap_attr and\nldap_entry modules\n\nSee:\nhttps://github.com/ansible/ansible/blob/v2.8.11/changelogs/CHANGELOG-v2.8.rst\nfor details on bug fixes in this release.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2020:1543", url: "https://access.redhat.com/errata/RHSA-2020:1543", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "1801735", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1801735", }, { category: "external", summary: "1802085", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802085", }, { category: "external", summary: "1802154", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802154", }, { category: "external", summary: "1802178", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802178", }, { category: "external", summary: "1802193", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802193", }, { category: "external", summary: "1805491", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1805491", }, { category: "external", summary: "1814627", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1814627", }, { category: "external", summary: "1815519", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1815519", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_1543.json", }, ], title: "Red Hat Security Advisory: Ansible security and bug fix update (2.8.11)", tracking: { current_release_date: "2024-11-15T08:28:49+00:00", generator: { date: "2024-11-15T08:28:49+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2020:1543", initial_release_date: "2020-04-22T14:11:07+00:00", revision_history: [ { date: "2020-04-22T14:11:07+00:00", number: "1", summary: "Initial version", }, { date: "2020-04-22T14:11:07+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-15T08:28:49+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Ansible Engine 2.8 for RHEL 7 Server", product: { name: "Red Hat Ansible Engine 2.8 for RHEL 7 Server", product_id: "7Server-Ansible-2.8", product_identification_helper: { cpe: "cpe:/a:redhat:ansible_engine:2.8::el7", }, }, }, { category: "product_name", name: "Red Hat Ansible Engine 2.8 for RHEL 8", product: { name: "Red Hat Ansible Engine 2.8 for RHEL 8", product_id: "8Base-Ansible-2.8", product_identification_helper: { cpe: "cpe:/a:redhat:ansible_engine:2.8::el8", }, }, }, ], category: "product_family", name: "Red Hat Ansible Engine", }, { branches: [ { category: "product_version", name: "ansible-0:2.8.11-1.el7ae.noarch", product: { name: "ansible-0:2.8.11-1.el7ae.noarch", product_id: "ansible-0:2.8.11-1.el7ae.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/ansible@2.8.11-1.el7ae?arch=noarch", }, }, }, { category: "product_version", name: "ansible-0:2.8.11-1.el8ae.noarch", product: { name: "ansible-0:2.8.11-1.el8ae.noarch", product_id: "ansible-0:2.8.11-1.el8ae.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/ansible@2.8.11-1.el8ae?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "ansible-0:2.8.11-1.el7ae.src", product: { name: "ansible-0:2.8.11-1.el7ae.src", product_id: "ansible-0:2.8.11-1.el7ae.src", product_identification_helper: { purl: "pkg:rpm/redhat/ansible@2.8.11-1.el7ae?arch=src", }, }, }, { category: "product_version", name: "ansible-0:2.8.11-1.el8ae.src", product: { name: "ansible-0:2.8.11-1.el8ae.src", product_id: "ansible-0:2.8.11-1.el8ae.src", product_identification_helper: { purl: "pkg:rpm/redhat/ansible@2.8.11-1.el8ae?arch=src", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ansible-0:2.8.11-1.el7ae.noarch as a component of Red Hat Ansible Engine 2.8 for RHEL 7 Server", product_id: "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", }, product_reference: "ansible-0:2.8.11-1.el7ae.noarch", relates_to_product_reference: "7Server-Ansible-2.8", }, { category: "default_component_of", full_product_name: { name: "ansible-0:2.8.11-1.el7ae.src as a component of Red Hat Ansible Engine 2.8 for RHEL 7 Server", product_id: "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", }, product_reference: "ansible-0:2.8.11-1.el7ae.src", relates_to_product_reference: "7Server-Ansible-2.8", }, { category: "default_component_of", full_product_name: { name: "ansible-0:2.8.11-1.el8ae.noarch as a component of Red Hat Ansible Engine 2.8 for RHEL 8", product_id: "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", }, product_reference: "ansible-0:2.8.11-1.el8ae.noarch", relates_to_product_reference: "8Base-Ansible-2.8", }, { category: "default_component_of", full_product_name: { name: "ansible-0:2.8.11-1.el8ae.src as a component of Red Hat Ansible Engine 2.8 for RHEL 8", product_id: "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", }, product_reference: "ansible-0:2.8.11-1.el8ae.src", relates_to_product_reference: "8Base-Ansible-2.8", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1733", cwe: { id: "CWE-377", name: "Insecure Temporary File", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1801735", }, ], notes: [ { category: "description", text: "A race condition flaw was found in Ansible Engine when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with \"umask 77 && mkdir -p <dir>\"; this operation does not fail if the directory already exists and is owned by another user. An attacker could take advantage to gain control of the become user as the target directory can be retrieved by iterating '/proc/<pid>/cmdline'.", title: "Vulnerability description", }, { category: "summary", text: "ansible: insecure temporary directory when running become_user from become directive", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1733", }, { category: "external", summary: "RHBZ#1801735", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1801735", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1733", url: "https://www.cve.org/CVERecord?id=CVE-2020-1733", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1733", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1733", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:11:07+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1543", }, { category: "workaround", details: "This issue can be mitigated by mounting the proc filesystem with hidepid=2 option (https://www.kernel.org/doc/Documentation/filesystems/proc.txt). This way only the user used by Ansible will be able to perform the attack as users on the system will be able to access only their processes /proc/$PID/ directories.\n\nAlso note that mounting proc filesystem with hidepid=2 might require re-mounting it on unpatched kernels, due to a kernel bug (see https://unix.stackexchange.com/questions/584054/why-procfs-mount-option-only-working-on-remount), there will be hidepid=3 in the future (https://patchwork.kernel.org/patch/11310217/).", product_ids: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L", version: "3.1", }, products: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ansible: insecure temporary directory when running become_user from become directive", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1735", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802085", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node.", title: "Vulnerability description", }, { category: "summary", text: "ansible: path injection on dest parameter in fetch module", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1735", }, { category: "external", summary: "RHBZ#1802085", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802085", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1735", url: "https://www.cve.org/CVERecord?id=CVE-2020-1735", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1735", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1735", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:11:07+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1543", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except avoid using the affected fetch module when possible.", product_ids: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.2, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ansible: path injection on dest parameter in fetch module", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1737", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2020-02-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802154", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal.", title: "Vulnerability description", }, { category: "summary", text: "ansible: Extract-Zip function in win_unzip module does not check extracted path", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1737", }, { category: "external", summary: "RHBZ#1802154", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802154", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1737", url: "https://www.cve.org/CVERecord?id=CVE-2020-1737", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1737", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1737", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:11:07+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1543", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except avoid using the affected win_unzip module when possible.", product_ids: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ansible: Extract-Zip function in win_unzip module does not check extracted path", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1739", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802178", }, ], notes: [ { category: "description", text: "A flaw was found in Ansible Engine. When a password is set with the argument \"password\" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs.", title: "Vulnerability description", }, { category: "summary", text: "ansible: svn module leaks password when specified as a parameter", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1739", }, { category: "external", summary: "RHBZ#1802178", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802178", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1739", url: "https://www.cve.org/CVERecord?id=CVE-2020-1739", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1739", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1739", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:11:07+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1543", }, { category: "workaround", details: "Instead of using the parameter 'password' of the subversion module, provide the password with stdin.", product_ids: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.9, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: svn module leaks password when specified as a parameter", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1740", cwe: { id: "CWE-377", name: "Insecure Temporary File", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802193", }, ], notes: [ { category: "description", text: "A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes \"ansible-vault edit\", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely.", title: "Vulnerability description", }, { category: "summary", text: "ansible: secrets readable after ansible-vault edit", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1740", }, { category: "external", summary: "RHBZ#1802193", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802193", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1740", url: "https://www.cve.org/CVERecord?id=CVE-2020-1740", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1740", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1740", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:11:07+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1543", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except avoid using the 'edit' option from 'ansible-vault' command line tool.", product_ids: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.9, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: secrets readable after ansible-vault edit", }, { acknowledgments: [ { names: [ "Felix Fountein", ], }, ], cve: "CVE-2020-1746", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2019-12-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1805491", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine when the ldap_attr and ldap_entry community modules are used. The issue discloses the LDAP bind password to stdout or a log file if a playbook task is written using the bind_pw in the parameters field. The highest threat from this vulnerability is data confidentiality.", title: "Vulnerability description", }, { category: "summary", text: "ansible: Information disclosure issue in ldap_attr and ldap_entry modules", title: "Vulnerability summary", }, { category: "other", text: "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\n* Red Hat Gluster Storage and Red Hat Ceph Storage no longer maintains their own version of Ansible. The fix will be provided from core Ansible. But we still ship ansible separately for ceph ubuntu.\n\n* In Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1746", }, { category: "external", summary: "RHBZ#1805491", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1805491", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1746", url: "https://www.cve.org/CVERecord?id=CVE-2020-1746", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1746", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1746", }, ], release_date: "2020-02-28T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:11:07+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1543", }, { category: "workaround", details: "Using args keyword and embedding the ldap_auth variable instead of using bind_pw parameter would mitigate this issue.", product_ids: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: Information disclosure issue in ldap_attr and ldap_entry modules", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-10684", cwe: { id: "CWE-862", name: "Missing Authorization", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1815519", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine. When using ansible_facts as a subkey of itself, and promoting it to a variable when injecting is enabled, overwriting the ansible_facts after the clean, an attacker could take advantage of this by altering the ansible_facts leading to privilege escalation or code injection. The highest threat from this vulnerability are to data integrity and system availability.", title: "Vulnerability description", }, { category: "summary", text: "Ansible: code injection when using ansible_facts as a subkey", title: "Vulnerability summary", }, { category: "other", text: "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n* Red Hat Gluster Storage and Red Hat Ceph Storage no longer maintains their own version of Ansible. The fix will be consumed from core Ansible. But we still ship ansible separately for ceph ubuntu.\n* Red Hat OpenStack Platform does package the affected code. However, because RHOSP does not use ansible_facts as a subkey directly, the RHOSP impact has been reduced to Moderate and no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-10684", }, { category: "external", summary: "RHBZ#1815519", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1815519", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-10684", url: "https://www.cve.org/CVERecord?id=CVE-2020-10684", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-10684", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-10684", }, ], release_date: "2020-03-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:11:07+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1543", }, { category: "workaround", details: "Currently, there is not a known mitigation except avoiding the functionality of using ansible_facts as a subkey.", product_ids: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.9, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H", version: "3.1", }, products: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "Ansible: code injection when using ansible_facts as a subkey", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-10685", cwe: { id: "CWE-459", name: "Incomplete Cleanup", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1814627", }, ], notes: [ { category: "description", text: "A flaw was found on Ansible Engine when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory is created in /tmp leaves the secrets unencrypted.\r\n\r\nOn Operating Systems which /tmp is not a tmpfs but part of the root partition, the directory is only cleared on boot and the decrypted data remains when the host is switched off. The system will be vulnerable when the system is not running. So decrypted data must be cleared as soon as possible and the data which normally is encrypted is sensible.", title: "Vulnerability description", }, { category: "summary", text: "Ansible: modules which use files encrypted with vault are not properly cleaned up", title: "Vulnerability summary", }, { category: "other", text: "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\n* In Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-10685", }, { category: "external", summary: "RHBZ#1814627", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1814627", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-10685", url: "https://www.cve.org/CVERecord?id=CVE-2020-10685", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-10685", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-10685", }, ], release_date: "2020-03-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T14:11:07+00:00", details: "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1543", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except by removing manually the temporary created file after every run.", product_ids: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.11-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.11-1.el8ae.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Ansible: modules which use files encrypted with vault are not properly cleaned up", }, ], }
ghsa-gfr2-qpxh-qj9m
Vulnerability from github
Published
2021-04-07 20:35
Modified
2024-09-09 21:18
Severity ?
4.6 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
4.6 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
4.6 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
Summary
Path Traversal in Ansible
Details
A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.
{ affected: [ { package: { ecosystem: "PyPI", name: "ansible", }, ranges: [ { events: [ { introduced: "2.7.0a1", }, { fixed: "2.7.18", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "PyPI", name: "ansible", }, ranges: [ { events: [ { introduced: "2.8.0a1", }, { fixed: "2.8.12", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "PyPI", name: "ansible", }, ranges: [ { events: [ { introduced: "2.9.0a1", }, { fixed: "2.9.8", }, ], type: "ECOSYSTEM", }, ], }, ], aliases: [ "CVE-2020-1735", ], database_specific: { cwe_ids: [ "CWE-22", ], github_reviewed: true, github_reviewed_at: "2021-04-05T17:54:51Z", nvd_published_at: "2020-03-16T16:15:00Z", severity: "MODERATE", }, details: "A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.", id: "GHSA-gfr2-qpxh-qj9m", modified: "2024-09-09T21:18:37Z", published: "2021-04-07T20:35:24Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1735", }, { type: "WEB", url: "https://github.com/ansible/ansible/issues/67793", }, { type: "WEB", url: "https://github.com/ansible/ansible/pull/69023", }, { type: "WEB", url: "https://github.com/ansible/ansible/pull/69024", }, { type: "WEB", url: "https://github.com/ansible/ansible/pull/69025", }, { type: "WEB", url: "https://github.com/ansible/ansible/commit/18f91bbb88a84b1d3614ef41c3550da735592ac1", }, { type: "WEB", url: "https://github.com/ansible/ansible/commit/40969ff43812fabf5397f818d9e521f9b39c9c9a", }, { type: "WEB", url: "https://github.com/ansible/ansible/commit/de9a4f5474c5f5db442ae7493d6b5da7177e335d", }, { type: "WEB", url: "https://security.gentoo.org/glsa/202006-11", }, { type: "WEB", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB", }, { type: "WEB", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S", }, { type: "WEB", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW", }, { type: "WEB", url: "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-7.yaml", }, { type: "WEB", url: "https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#security-fixes-7", }, { type: "PACKAGE", url: "https://github.com/ansible/ansible", }, { type: "ADVISORY", url: "https://github.com/advisories/GHSA-gfr2-qpxh-qj9m", }, { type: "WEB", url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1735", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", type: "CVSS_V3", }, { score: "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N", type: "CVSS_V4", }, ], summary: "Path Traversal in Ansible", }
WID-SEC-W-2023-2478
Vulnerability from csaf_certbund
Published
2020-03-16 23:00
Modified
2024-12-03 23:00
Summary
Ansible: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Ansible ist eine Software zur Automatisierung von Cloud Provisionierung,
zum Konfigurationsmanagement und zur Anwendungsbereitstellung.
Angriff
Ein lokaler Angreifer kann mehrere Schwachstellen in Ansible ausnutzen, um Sicherheitsvorkehrungen zu umgehen und Informationen offenzulegen
Betroffene Betriebssysteme
- Linux
- UNIX
{ document: { aggregate_severity: { text: "mittel", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Ansible ist eine Software zur Automatisierung von Cloud Provisionierung,\r\nzum Konfigurationsmanagement und zur Anwendungsbereitstellung.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein lokaler Angreifer kann mehrere Schwachstellen in Ansible ausnutzen, um Sicherheitsvorkehrungen zu umgehen und Informationen offenzulegen", title: "Angriff", }, { category: "general", text: "- Linux\n- UNIX", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-2478 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2020/wid-sec-w-2023-2478.json", }, { category: "self", summary: "WID-SEC-2023-2478 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2478", }, { category: "external", summary: "NIST Database vom 2020-03-16", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1740", }, { category: "external", summary: "NIST Database vom 2020-03-16", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1738", }, { category: "external", summary: "NIST Database vom 2020-03-16", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1736", }, { category: "external", summary: "NIST Database vom 2020-03-16", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1735", }, { category: "external", summary: "NIST Database vom 2020-03-16", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1753", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2020:1543 vom 2020-04-22", url: "https://access.redhat.com/errata/RHSA-2020:1543", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2020:1542 vom 2020-04-22", url: "https://access.redhat.com/errata/RHSA-2020:1542", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2020:1541 vom 2020-04-22", url: "https://access.redhat.com/errata/RHSA-2020:1541", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2020:1544 vom 2020-04-22", url: "https://access.redhat.com/errata/RHSA-2020:1544", }, { category: "external", summary: "Debian Security Advisory DLA 2202 vom 2020-05-05", url: "https://lists.debian.org/debian-lts-announce/2020/debian-lts-announce-202005/msg00005.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2020:2142 vom 2020-05-13", url: "https://access.redhat.com/errata/RHSA-2020:2142", }, { category: "external", summary: "Debian Security Advisory DSA-4950 vom 2021-08-07", url: "https://www.debian.org/security/2021/dsa-4950", }, { category: "external", summary: "Amazon Linux Security Advisory ALASANSIBLE2-2023-008 vom 2023-09-27", url: "https://alas.aws.amazon.com/AL2/ALASANSIBLE2-2023-008.html", }, { category: "external", summary: "Amazon Linux Security Advisory ALASANSIBLE2-2023-006 vom 2023-09-27", url: "https://alas.aws.amazon.com/AL2/ALASANSIBLE2-2023-006.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:1509-1 vom 2024-05-06", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018463.html", }, { category: "external", summary: "openSUSE Security Update OPENSUSE-SU-2024:14536-1 vom 2024-12-03", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7LWEIR2LXW4QRWCY6HDMLUO2OTX5OZIC/", }, ], source_lang: "en-US", title: "Ansible: Mehrere Schwachstellen", tracking: { current_release_date: "2024-12-03T23:00:00.000+00:00", generator: { date: "2024-12-04T11:20:41.493+00:00", engine: { name: "BSI-WID", version: "1.3.10", }, }, id: "WID-SEC-W-2023-2478", initial_release_date: "2020-03-16T23:00:00.000+00:00", revision_history: [ { date: "2020-03-16T23:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2020-04-22T22:00:00.000+00:00", number: "2", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2020-05-05T22:00:00.000+00:00", number: "3", summary: "Neue Updates von Debian aufgenommen", }, { date: "2020-05-13T22:00:00.000+00:00", number: "4", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2021-08-08T22:00:00.000+00:00", number: "5", summary: "Neue Updates von Debian aufgenommen", }, { date: "2023-09-27T22:00:00.000+00:00", number: "6", summary: "Neue Updates von Amazon aufgenommen", }, { date: "2024-05-06T22:00:00.000+00:00", number: "7", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2024-12-03T23:00:00.000+00:00", number: "8", summary: "Neue Updates von openSUSE aufgenommen", }, ], status: "final", version: "8", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Amazon Linux 2", product: { name: "Amazon Linux 2", product_id: "398363", product_identification_helper: { cpe: "cpe:/o:amazon:linux_2:-", }, }, }, ], category: "vendor", name: "Amazon", }, { branches: [ { category: "product_name", name: "Debian Linux", product: { name: "Debian Linux", product_id: "2951", product_identification_helper: { cpe: "cpe:/o:debian:debian_linux:-", }, }, }, ], category: "vendor", name: "Debian", }, { branches: [ { branches: [ { category: "product_version_range", name: "<2.7.17", product: { name: "Open Source Ansible <2.7.17", product_id: "T016043", }, }, { category: "product_version", name: "2.7.17", product: { name: "Open Source Ansible 2.7.17", product_id: "T016043-fixed", product_identification_helper: { cpe: "cpe:/a:open_source:ansible:2.7.17", }, }, }, { category: "product_version_range", name: "<2.8.11", product: { name: "Open Source Ansible <2.8.11", product_id: "T016096", }, }, { category: "product_version", name: "2.8.11", product: { name: "Open Source Ansible 2.8.11", product_id: "T016096-fixed", product_identification_helper: { cpe: "cpe:/a:open_source:ansible:2.8.11", }, }, }, { category: "product_version_range", name: "<2.9.7", product: { name: "Open Source Ansible <2.9.7", product_id: "T016097", }, }, { category: "product_version", name: "2.9.7", product: { name: "Open Source Ansible 2.9.7", product_id: "T016097-fixed", product_identification_helper: { cpe: "cpe:/a:open_source:ansible:2.9.7", }, }, }, ], category: "product_name", name: "Ansible", }, ], category: "vendor", name: "Open Source", }, { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux", product: { name: "Red Hat Enterprise Linux", product_id: "67646", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:-", }, }, }, ], category: "vendor", name: "Red Hat", }, { branches: [ { category: "product_name", name: "SUSE Linux", product: { name: "SUSE Linux", product_id: "T002207", product_identification_helper: { cpe: "cpe:/o:suse:suse_linux:-", }, }, }, { category: "product_name", name: "SUSE openSUSE", product: { name: "SUSE openSUSE", product_id: "T027843", product_identification_helper: { cpe: "cpe:/o:suse:opensuse:-", }, }, }, ], category: "vendor", name: "SUSE", }, ], }, vulnerabilities: [ { cve: "CVE-2020-1735", notes: [ { category: "description", text: "Es existiert eine Schwachstelle in Ansible. Bei der Verwendung des Fetch-Moduls kann ein Angreifer einen neuen Pfad injizieren und so einen neuen Zielpfad am Controller-Knoten auswählen.", }, ], product_status: { known_affected: [ "T016043", "T016097", "T016096", "2951", "T002207", "67646", "T027843", "398363", ], }, release_date: "2020-03-16T23:00:00.000+00:00", title: "CVE-2020-1735", }, { cve: "CVE-2020-1736", notes: [ { category: "description", text: "Es existiert eine Schwachstelle in Ansible. Wenn eine Datei mit dem atomic_move Element verschoben wird, kann der Dateimodus nicht angegeben werden. In der Folge werden die Zieldateien \"world-readable\". Ein Angreifer kann diese Schwachstelle ausnutzen, um Informationen offenzulegen.", }, ], product_status: { known_affected: [ "T016043", "T016097", "T016096", "2951", "T002207", "67646", "T027843", "398363", ], }, release_date: "2020-03-16T23:00:00.000+00:00", title: "CVE-2020-1736", }, { cve: "CVE-2020-1738", notes: [ { category: "description", text: "Es existiert eine Schwachstelle in Ansible, wenn das \"module\" Paket oder der Dienst verwendet wird und der Parameter 'use' nicht angegeben ist. Ein loklaer Angreifer kann diese Schwachstelle ausnutzen, um Sicherheitseinstellungen zu umgehen.", }, ], product_status: { known_affected: [ "T016043", "T016097", "T016096", "2951", "T002207", "67646", "T027843", "398363", ], }, release_date: "2020-03-16T23:00:00.000+00:00", title: "CVE-2020-1738", }, { cve: "CVE-2020-1740", notes: [ { category: "description", text: "Es existiert eine Schwachstelle in Ansible. Wenn Ansible Vault zum Bearbeiten verschlüsselter Dateien verwendet wird und ein Benutzer \"ansible-vault edit\" ausführt, kann ein anderer Benutzer auf demselben Computer das alte und das neue Geheimnis lesen. Ein loklaler Angreifer kann Diese Schwachstelle ausnutzen, um Informationen offenzulegen.", }, ], product_status: { known_affected: [ "T016043", "T016097", "T016096", "2951", "T002207", "67646", "T027843", "398363", ], }, release_date: "2020-03-16T23:00:00.000+00:00", title: "CVE-2020-1740", }, { cve: "CVE-2020-1753", notes: [ { category: "description", text: "Es existiert eine Schwachstelle in Ansible bei der Verwaltung von Kubernetes mit dem k8s-Modul. Sensible Parameter wie Passwörter und Token werden von der Kommandozeile direkt an \"kubectl\" übergeben, nicht über eine Umgebungsvariable oder eine Eingabekonfigurationsdatei. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um Passwörter und Token aus der Prozessliste offenzulegen.", }, ], product_status: { known_affected: [ "T016043", "T016097", "T016096", "2951", "T002207", "67646", "T027843", "398363", ], }, release_date: "2020-03-16T23:00:00.000+00:00", title: "CVE-2020-1753", }, ], }
wid-sec-w-2023-2478
Vulnerability from csaf_certbund
Published
2020-03-16 23:00
Modified
2024-12-03 23:00
Summary
Ansible: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Ansible ist eine Software zur Automatisierung von Cloud Provisionierung,
zum Konfigurationsmanagement und zur Anwendungsbereitstellung.
Angriff
Ein lokaler Angreifer kann mehrere Schwachstellen in Ansible ausnutzen, um Sicherheitsvorkehrungen zu umgehen und Informationen offenzulegen
Betroffene Betriebssysteme
- Linux
- UNIX
{ document: { aggregate_severity: { text: "mittel", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Ansible ist eine Software zur Automatisierung von Cloud Provisionierung,\r\nzum Konfigurationsmanagement und zur Anwendungsbereitstellung.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein lokaler Angreifer kann mehrere Schwachstellen in Ansible ausnutzen, um Sicherheitsvorkehrungen zu umgehen und Informationen offenzulegen", title: "Angriff", }, { category: "general", text: "- Linux\n- UNIX", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-2478 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2020/wid-sec-w-2023-2478.json", }, { category: "self", summary: "WID-SEC-2023-2478 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2478", }, { category: "external", summary: "NIST Database vom 2020-03-16", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1740", }, { category: "external", summary: "NIST Database vom 2020-03-16", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1738", }, { category: "external", summary: "NIST Database vom 2020-03-16", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1736", }, { category: "external", summary: "NIST Database vom 2020-03-16", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1735", }, { category: "external", summary: "NIST Database vom 2020-03-16", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1753", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2020:1543 vom 2020-04-22", url: "https://access.redhat.com/errata/RHSA-2020:1543", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2020:1542 vom 2020-04-22", url: "https://access.redhat.com/errata/RHSA-2020:1542", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2020:1541 vom 2020-04-22", url: "https://access.redhat.com/errata/RHSA-2020:1541", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2020:1544 vom 2020-04-22", url: "https://access.redhat.com/errata/RHSA-2020:1544", }, { category: "external", summary: "Debian Security Advisory DLA 2202 vom 2020-05-05", url: "https://lists.debian.org/debian-lts-announce/2020/debian-lts-announce-202005/msg00005.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2020:2142 vom 2020-05-13", url: "https://access.redhat.com/errata/RHSA-2020:2142", }, { category: "external", summary: "Debian Security Advisory DSA-4950 vom 2021-08-07", url: "https://www.debian.org/security/2021/dsa-4950", }, { category: "external", summary: "Amazon Linux Security Advisory ALASANSIBLE2-2023-008 vom 2023-09-27", url: "https://alas.aws.amazon.com/AL2/ALASANSIBLE2-2023-008.html", }, { category: "external", summary: "Amazon Linux Security Advisory ALASANSIBLE2-2023-006 vom 2023-09-27", url: "https://alas.aws.amazon.com/AL2/ALASANSIBLE2-2023-006.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:1509-1 vom 2024-05-06", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018463.html", }, { category: "external", summary: "openSUSE Security Update OPENSUSE-SU-2024:14536-1 vom 2024-12-03", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7LWEIR2LXW4QRWCY6HDMLUO2OTX5OZIC/", }, ], source_lang: "en-US", title: "Ansible: Mehrere Schwachstellen", tracking: { current_release_date: "2024-12-03T23:00:00.000+00:00", generator: { date: "2024-12-04T11:20:41.493+00:00", engine: { name: "BSI-WID", version: "1.3.10", }, }, id: "WID-SEC-W-2023-2478", initial_release_date: "2020-03-16T23:00:00.000+00:00", revision_history: [ { date: "2020-03-16T23:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2020-04-22T22:00:00.000+00:00", number: "2", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2020-05-05T22:00:00.000+00:00", number: "3", summary: "Neue Updates von Debian aufgenommen", }, { date: "2020-05-13T22:00:00.000+00:00", number: "4", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2021-08-08T22:00:00.000+00:00", number: "5", summary: "Neue Updates von Debian aufgenommen", }, { date: "2023-09-27T22:00:00.000+00:00", number: "6", summary: "Neue Updates von Amazon aufgenommen", }, { date: "2024-05-06T22:00:00.000+00:00", number: "7", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2024-12-03T23:00:00.000+00:00", number: "8", summary: "Neue Updates von openSUSE aufgenommen", }, ], status: "final", version: "8", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Amazon Linux 2", product: { name: "Amazon Linux 2", product_id: "398363", product_identification_helper: { cpe: "cpe:/o:amazon:linux_2:-", }, }, }, ], category: "vendor", name: "Amazon", }, { branches: [ { category: "product_name", name: "Debian Linux", product: { name: "Debian Linux", product_id: "2951", product_identification_helper: { cpe: "cpe:/o:debian:debian_linux:-", }, }, }, ], category: "vendor", name: "Debian", }, { branches: [ { branches: [ { category: "product_version_range", name: "<2.7.17", product: { name: "Open Source Ansible <2.7.17", product_id: "T016043", }, }, { category: "product_version", name: "2.7.17", product: { name: "Open Source Ansible 2.7.17", product_id: "T016043-fixed", product_identification_helper: { cpe: "cpe:/a:open_source:ansible:2.7.17", }, }, }, { category: "product_version_range", name: "<2.8.11", product: { name: "Open Source Ansible <2.8.11", product_id: "T016096", }, }, { category: "product_version", name: "2.8.11", product: { name: "Open Source Ansible 2.8.11", product_id: "T016096-fixed", product_identification_helper: { cpe: "cpe:/a:open_source:ansible:2.8.11", }, }, }, { category: "product_version_range", name: "<2.9.7", product: { name: "Open Source Ansible <2.9.7", product_id: "T016097", }, }, { category: "product_version", name: "2.9.7", product: { name: "Open Source Ansible 2.9.7", product_id: "T016097-fixed", product_identification_helper: { cpe: "cpe:/a:open_source:ansible:2.9.7", }, }, }, ], category: "product_name", name: "Ansible", }, ], category: "vendor", name: "Open Source", }, { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux", product: { name: "Red Hat Enterprise Linux", product_id: "67646", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:-", }, }, }, ], category: "vendor", name: "Red Hat", }, { branches: [ { category: "product_name", name: "SUSE Linux", product: { name: "SUSE Linux", product_id: "T002207", product_identification_helper: { cpe: "cpe:/o:suse:suse_linux:-", }, }, }, { category: "product_name", name: "SUSE openSUSE", product: { name: "SUSE openSUSE", product_id: "T027843", product_identification_helper: { cpe: "cpe:/o:suse:opensuse:-", }, }, }, ], category: "vendor", name: "SUSE", }, ], }, vulnerabilities: [ { cve: "CVE-2020-1735", notes: [ { category: "description", text: "Es existiert eine Schwachstelle in Ansible. Bei der Verwendung des Fetch-Moduls kann ein Angreifer einen neuen Pfad injizieren und so einen neuen Zielpfad am Controller-Knoten auswählen.", }, ], product_status: { known_affected: [ "T016043", "T016097", "T016096", "2951", "T002207", "67646", "T027843", "398363", ], }, release_date: "2020-03-16T23:00:00.000+00:00", title: "CVE-2020-1735", }, { cve: "CVE-2020-1736", notes: [ { category: "description", text: "Es existiert eine Schwachstelle in Ansible. Wenn eine Datei mit dem atomic_move Element verschoben wird, kann der Dateimodus nicht angegeben werden. In der Folge werden die Zieldateien \"world-readable\". Ein Angreifer kann diese Schwachstelle ausnutzen, um Informationen offenzulegen.", }, ], product_status: { known_affected: [ "T016043", "T016097", "T016096", "2951", "T002207", "67646", "T027843", "398363", ], }, release_date: "2020-03-16T23:00:00.000+00:00", title: "CVE-2020-1736", }, { cve: "CVE-2020-1738", notes: [ { category: "description", text: "Es existiert eine Schwachstelle in Ansible, wenn das \"module\" Paket oder der Dienst verwendet wird und der Parameter 'use' nicht angegeben ist. Ein loklaer Angreifer kann diese Schwachstelle ausnutzen, um Sicherheitseinstellungen zu umgehen.", }, ], product_status: { known_affected: [ "T016043", "T016097", "T016096", "2951", "T002207", "67646", "T027843", "398363", ], }, release_date: "2020-03-16T23:00:00.000+00:00", title: "CVE-2020-1738", }, { cve: "CVE-2020-1740", notes: [ { category: "description", text: "Es existiert eine Schwachstelle in Ansible. Wenn Ansible Vault zum Bearbeiten verschlüsselter Dateien verwendet wird und ein Benutzer \"ansible-vault edit\" ausführt, kann ein anderer Benutzer auf demselben Computer das alte und das neue Geheimnis lesen. Ein loklaler Angreifer kann Diese Schwachstelle ausnutzen, um Informationen offenzulegen.", }, ], product_status: { known_affected: [ "T016043", "T016097", "T016096", "2951", "T002207", "67646", "T027843", "398363", ], }, release_date: "2020-03-16T23:00:00.000+00:00", title: "CVE-2020-1740", }, { cve: "CVE-2020-1753", notes: [ { category: "description", text: "Es existiert eine Schwachstelle in Ansible bei der Verwaltung von Kubernetes mit dem k8s-Modul. Sensible Parameter wie Passwörter und Token werden von der Kommandozeile direkt an \"kubectl\" übergeben, nicht über eine Umgebungsvariable oder eine Eingabekonfigurationsdatei. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um Passwörter und Token aus der Prozessliste offenzulegen.", }, ], product_status: { known_affected: [ "T016043", "T016097", "T016096", "2951", "T002207", "67646", "T027843", "398363", ], }, release_date: "2020-03-16T23:00:00.000+00:00", title: "CVE-2020-1753", }, ], }
suse-su-2020:3309-1
Vulnerability from csaf_suse
Published
2020-11-12 14:17
Modified
2020-11-12 14:17
Summary
Security update for ansible, ardana-ansible, ardana-cinder, ardana-glance, ardana-mq, ardana-nova, ardana-osconfig, crowbar-core, crowbar-openstack, documentation-suse-openstack-cloud, grafana, grafana-natel-discrete-panel, openstack-cinder, openstack-monasca-installer, openstack-neutron, openstack-nova, python-Django, python-Flask-Cors, python-Pillow, python-ardana-packager, python-keystoneclient, python-keystonemiddleware, python-kombu, python-straight-plugin, python-urllib3, release-notes-suse-openstack-cloud, storm, storm-kit, venv-openstack-cinder, venv-openstack-swift
Notes
Title of the patch
Security update for ansible, ardana-ansible, ardana-cinder, ardana-glance, ardana-mq, ardana-nova, ardana-osconfig, crowbar-core, crowbar-openstack, documentation-suse-openstack-cloud, grafana, grafana-natel-discrete-panel, openstack-cinder, openstack-monasca-installer, openstack-neutron, openstack-nova, python-Django, python-Flask-Cors, python-Pillow, python-ardana-packager, python-keystoneclient, python-keystonemiddleware, python-kombu, python-straight-plugin, python-urllib3, release-notes-suse-openstack-cloud, storm, storm-kit, venv-openstack-cinder, venv-openstack-swift
Description of the patch
This update for ansible, ardana-ansible, ardana-cinder, ardana-glance, ardana-mq, ardana-nova, ardana-osconfig, crowbar-core, crowbar-openstack, documentation-suse-openstack-cloud, grafana, grafana-natel-discrete-panel, openstack-cinder, openstack-monasca-installer, openstack-neutron, openstack-nova, python-Django, python-Flask-Cors, python-Pillow, python-ardana-packager, python-keystoneclient, python-keystonemiddleware, python-kombu, python-straight-plugin, python-urllib3, release-notes-suse-openstack-cloud, storm, storm-kit, venv-openstack-cinder, venv-openstack-swift contains the following fixes:
Security fixes included in this update:
ansible to 2.9.14:
- CVE-2020-1733: Fixed insecure temporary directory when running
become_user (bsc#1164140).
- CVE-2020-1753: Kubectl connection plugin - connection plugin now
redact kubectl_token and kubectl_password in console log. (bsc#1166389)
- CVE-2020-14365: Previously, regardless of the disable_gpg_check
option, packages were not GPG validated. They are now. (bsc#1175993)
- CVE-2020-14332: copy - Redact the value of the no_log 'content'
parameter in the result's invocation.module_args in check mode.
Previously when used with check mode and with '-vvv', the module would
not censor the content if a change would be made to the destination
path. (bsc#1174302)
- CVE-2020-1736: atomic_move - Change default permissions when creating
temporary files so they are not world readable (bsc#1164134).
- CVE-2020-14330: Sanitize no_log values from any response keys that
might be returned from the uri module (bsc#1174145).
- CVE-2019-14846: Reset logging level to INFO. (bsc#1153452).
- CVE-2020-10744: incomplete fix for CVE-2020-1733 (bsc#1171823).
grafana:
- CVE-2018-18623, CVE-2018-18624,CVE-2018-18625: Fixed multiple XSS
vulnerabilities in dashboard due to a incomplete fix for CVE-2018-12099
(bsc#1172450).
- CVE-2020-11110: Fixed a stored XSS (bsc#1174583).
openstack-nova:
- CVE-2020-17376: Fixed an information leak during live migration (bsc#1175484).
python-Django to 1.11.29
- CVE-2020-7471: Fixed a SQL injection via StringAgg delimiter (bsc#1161919).
- CVE-2020-9402: Fixed a SQL injection via tolerance parameter in GIS functions
and aggregates (bsc#1165022).
- CVE-2019-19844: Fixed a potential account hijack via password reset form (bsc#1159447).
python-Flask-Cors
- CVE-2020-25032: Fixed a potential information leak through path traversal (bsc#1175986).
python-Pillow
- CVE-2020-10177: Fixed multiple out-of-bounds reads in libImaging/FliDecode.c (bsc#1173413).
- CVE-2020-10994: Fixed multiple out-of-bounds reads via a crafted JP2 files (bsc#1173418).
- CVE-2020-10378: Fixed an out-of-bounds read when reading PCX files (bsc#1173416).
python-urllib3
- CVE-2020-26137: Fixed CRLF injection via HTTP request method (bsc#1177120)
storm:
- CVE-2018-11779: Fixed java deserialization vulnerability related to the usage of
storm-kafka-client or storm-kafka modules (bsc#1143163).
- CVE-2019-0202: Fixed an information leak related to the log viewer (bsc#1142617).
rubygem-crowbar-client update to 3.9.3:
- CVE-2018-17954: Fixed information leak of the admin password to all
nodes in cleartext during provisioning (bsc#1117080)
Non-security fixes included on this update:
Changes in ansible:
- Update to ansible 2.9.14:
- minor bugs and fixes, including security bugs:
- CVE-2020-1753, bsc#1166389: Kubectl connection plugin - connection
plugin now redact kubectl_token and kubectl_password in console
log.
- revert CVE-2020-1736. Users are encouraged to specify a mode
parameter in their file-based tasks when the files being
manipulated contain sensitive data.
- CVE-2020-14365, bsc#1175993: Previously, regardless of the
disable_gpg_check option, packages were not GPG validated. They
are now.
- CVE-2020-14332, bsc#1174302: copy - Redact the value of the no_log
'content' parameter in the result's invocation.module_args in
check mode. Previously when used with check mode and with '-vvv',
the module would not censor the content if a change would be made
to the destination path.
- CVE-2020-1736, bsc#1164134: atomic_move - Change default
permissions when creating temporary files so they are not world
readable
- CVE-2020-14330, bsc#1174145: Sanitize no_log values from any
response keys that might be returned from the uri module.
- CVE-2019-14846, bsc#1153452: Reset logging level to INFO.
- CVE-2020-10744, bsc#1171823, gh#ansible/ansible#69782: incomplete
fix for CVE-2020-1733
- Remove patches included upstream:
- CVE-2020-14330_exposed_keys_uri_mod.patch
- CVE-2020-10744_avoid_mkdir_p.patch
- Don't Require python-coverage, it is needed only for testing
(bsc#1177948).
- Add CVE-2020-14330_exposed_keys_uri_mod.patch which fixes
CVE-2020-14330 (bsc#1174145). Sanitize no_log values from any
response keys that might be returned from the uri module.
Sensitive values marked with ``no_log=True`` will automatically
have that value stripped from module return values. If
your module could return these sensitive values as
part of a dictionary key name, you should call the
``ansible.module_utils.basic.sanitize_keys()`` function to
strip the values from the keys. See the ``uri`` module for an
example.
- importlib and argparse are required only on SLE-11 and less.
- Add CVE-2020-10744_avoid_mkdir_p.patch (bsc#1171823) to fix
insecure temporary directory creation.
- Add metadata information to this file to mark which SUSE
bugzilla have been already fixed.
- Remove CVE-2017-7550-jenkins-disallow-password-in-params.patch
as it has been already included in 2.4.1.0
- update to version 2.9.9
* fix for a regression introduced in 2.9.8
- update to version 2.9.8
maintenance release containing numerous bugfixes
- update to version 2.9.7 with many bug fixes,
especially for these security issues:
- bsc#1164140 CVE-2020-1733 - insecure temporary directory when
running become_user from become directive
- bsc#1164139 CVE-2020-1734 shell enabled by default in a pipe
lookup plugin subprocess
- bsc#1164137 CVE-2020-1735 - path injection on dest parameter
in fetch module
- bsc#1164134 CVE-2020-1736 atomic_move primitive sets
permissive permissions
- bsc#1164138 CVE-2020-1737 - Extract-Zip function in win_unzip
module does not check extracted path
- bsc#1164136 CVE-2020-1738 module package can be selected by
the ansible facts
- bsc#1164133 CVE-2020-1739 - svn module leaks password when
specified as a parameter
- bsc#1164135 CVE-2020-1740 - secrets readable after
ansible-vault edit
- bsc#1165393 CVE-2020-1746 - information disclosure issue in
ldap_attr and ldap_entry modules
- bsc#1166389 CVE-2020-1753 - kubectl connection plugin leaks
sensitive information
- bsc#1167532 CVE-2020-10684 - code injection when using
ansible_facts as a subkey
- bsc#1167440 CVE-2020-10685 - modules which use files
encrypted with vault are not properly cleaned up
- CVE-2020-10691 - archive traversal vulnerability in ansible-galaxy collection install [2]
- create missing (empty) template and files directories for
'ansible-galaxy init' during package build (fixes boo#1137479)
- require python-xml on python 2 systems (boo#1142542)
- update to version 2.9.6 (maintenance release) including
these security issues:
- bsc#1171162 CVE-2020-10729 two random password lookups in
same task return same value
- update to version 2.9.5 (maintenance release)
- update to version 2.9.4 (maintenance release)
- fix in yum module
- security fixes:
- bsc#1157968 CVE-2019-14904 vulnerability in solaris_zone
module via crafted solaris zone
- bsc#1157969 CVE-2019-14905 malicious code could craft
filename in nxos_file_copy module
- update to version 2.9.3 (maintenance release)
* security fixes
- CVE-2019-14904 (solaris_zone module) (boo#1157968)
- CVE-2019-14905 (nxos_file_copy module) (boo#1157969)
* various bugfixes
- sync with upstream spec file (especially for RHEL & Fedora builds)
- ran spec-cleaner
- remove old SUSE targets (SLE-11, Leap 42.3 and below)
This simplifies the spec file and makes building easier
- Additional required packages for building:
+ python-boto3 and python-botocore for Amazon EC2
+ python-jmespath for json queries
+ python-memcached for cloud modules and local caching of JSON
formatted, per host records
+ python-redis for cloud modules and local caching of JSON
formatted, per host records
+ python-requests for many web-based modules (cloud, network,
netapp)
=> as the need for those packages depends on the usage of the
tool, they are just recommended on openSUSE/SUSE machines
- made dependencies for gitlab, vmware and winrm modules configurable,
as most of their dependencies are not (yet) available on current
openSUSE/SUSE distributions
- exclude /usr/bin/pwsh from the automatic dependency generation,
as the Windows Power Shell is not available (yet) on openSUSE/SUSE
- build additional docs and split up ansible-doc package;
moving changelogs, contrib and example directories there
- prepare for building HTML documentation, but disable this per
default for the moment, as not all package dependencies are available
in openSUSE/SUSE (yet)
- package some test scripts with executable permissions
- update to version 2.9.2
maintenance release containing numerous bugfixes
- Create system directories that Ansible defines as default locations
in ansible/config/base.yml
- rephrase the summary line
- Disable shebang munging for specific paths. These files are data files.
ansible-test munges the shebangs itself.
- split out ansible-test package for module developers
- update to version 2.9.1
Full changelog is packaged at /usr/share/doc/packages/ansible/changelogs/
and also available online at
https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst
+ CVE-2019-14864: fixed Splunk and Sumologic callback plugins leak
sensitive data in logs (boo#1154830)
- replace all #!/usr/bin/env lines to use #!/usr/bin/$1 directly
- added file '/usr/bin/ansible-test' to spec file
- Update to version 2.9.0:
Full changelog is packaged at /usr/share/doc/packages/ansible/changelogs/
and also available online at
https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst
- Fixed among other this security bug:
- bsc#1112959 CVE-2018-16837 Information leak in 'user' module patch added
- include the sha checksum file in the source, which allows to verify
the original sources
- Update to version 2.8.6:
Full changelog is packaged at /usr/share/doc/packages/ansible/changelogs/
and also available online at
https://github.com/ansible/ansible/blob/stable-2.8/changelogs/CHANGELOG-v2.8.rst
Included security fixes:
* CVE-2019-14846: Fixed secrets disclosure on logs due to display is hardcoded
to DEBUG level (bsc#1153452)
* CVE-2019-14856: Fixed insufficient fix for CVE-2019-10206 (bsc#1154232)
* CVE-2019-14858: Fixed data in the sub parameter fields that will not be masked
and will be displayed when run with increased verbosity (bsc#1154231)
- Update to version 2.8.5:
Full changelog is packaged at /usr/share/doc/packages/ansible/changelogs/
and also available online at
https://github.com/ansible/ansible/blob/stable-2.8/changelogs/CHANGELOG-v2.8.rst
- removed patches fixed upstream:
+ CVE-2019-10206-data-disclosure.patch
+ CVE-2019-10217-gcp-modules-sensitive-fields.patch
- Update to version 2.8.3:
Full changelog is packaged, but also at
https://github.com/ansible/ansible/blob/stable-2.8/changelogs/CHANGELOG-v2.8.rst
- (bsc#1137528) CVE-2019-10156: ansible: templating causing an
unexpected key file to be set on remote node
- (bsc#1144453) Adds CVE-2019-10217-gcp-modules-sensitive-fields.patch
CVE-2019-10217: Fields managing sensitive data should be set as
such by no_log feature. Some of these fields in GCP modules are
not set properly. service_account_contents() which is common
class for all gcp modules is not setting no_log to True. Any
sensitive data managed by that function would be leak as an
output when running ansible playbooks.
- Update to version 2.8.1
Full changelog is at /usr/share/doc/packages/ansible/changelogs/
Bugfixes
--------
- ACI - DO not encode query_string
- ACI modules - Fix non-signature authentication
- Add missing directory provided via ``--playbook-dir`` to adjacent collection loading
- Fix 'Interface not found' errors when using eos_l2_interface with nonexistant
interfaces configured
- Fix cannot get credential when `source_auth` set to `credential_file`.
- Fix netconf_config backup string issue
- Fix privilege escalation support for the docker connection plugin when
credentials need to be supplied (e.g. sudo with password).
- Fix vyos cli prompt inspection
- Fixed loading namespaced documentation fragments from collections.
- Fixing bug came up after running cnos_vrf module against coverity.
- Properly handle data importer failures on PVC creation, instead of timing out.
- To fix the ios static route TC failure in CI
- To fix the nios member module params
- To fix the nios_zone module idempotency failure
- add terminal initial prompt for initial connection
- allow include_role to work with ansible command
- allow python_requirements_facts to report on dependencies containing dashes
- asa_config fix
- azure_rm_roledefinition - fix a small error in build scope.
- azure_rm_virtualnetworkpeering - fix cross subscriptions virtual network
peering.
- cgroup_perf_recap - When not using file_per_task, make sure we don't
prematurely close the perf files
- display underlying error when reporting an invalid ``tasks:`` block.
- dnf - fix wildcard matching for state: absent
- docker connection plugin - accept version ``dev`` as 'newest version' and
print warning.
- docker_container - ``oom_killer`` and ``oom_score_adj`` options are available
since docker-py 1.8.0, not 2.0.0 as assumed by the version check.
- docker_container - fix network creation when ``networks_cli_compatible`` is
enabled.
- docker_container - use docker API's ``restart`` instead of ``stop``/``start``
to restart a container.
- docker_image - if ``build`` was not specified, the wrong default for
``build.rm`` is used.
- docker_image - if ``nocache`` set to ``yes`` but not ``build.nocache``, the
module failed.
- docker_image - module failed when ``source: build`` was set but
``build.path`` options not specified.
- docker_network module - fix idempotency when using ``aux_addresses`` in
``ipam_config``.
- ec2_instance - make Name tag idempotent
- eos: don't fail modules without become set, instead show message and continue
- eos_config: check for session support when asked to 'diff_against: session'
- eos_eapi: fix idempotency issues when vrf was unspecified.
- fix bugs for ce - more info see
- fix incorrect uses of to_native that should be to_text instead.
- hcloud_volume - Fix idempotency when attaching a server to a volume.
- ibm_storage - Added a check for null fields in ibm_storage utils module.
- include_tasks - whitelist ``listen`` as a valid keyword
- k8s - resource updates applied with force work correctly now
- keep results subset also when not no_log.
- meraki_switchport - improve reliability with native VLAN functionality.
- netapp_e_iscsi_target - fix netapp_e_iscsi_target chap secret size and
clearing functionality
- netapp_e_volumes - fix workload profileId indexing when no previous workload
tags exist on the storage array.
- nxos_acl some platforms/versions raise when no ACLs are present
- nxos_facts fix <https://github.com/ansible/ansible/pull/57009>
- nxos_file_copy fix passwordless workflow
- nxos_interface Fix admin_state check for n6k
- nxos_snmp_traps fix group all for N35 platforms
- nxos_snmp_user fix platform fixes for get_snmp_user
- nxos_vlan mode idempotence bug
- nxos_vlan vlan names containing regex ctl chars should be escaped
- nxos_vtp_* modules fix n6k issues
- openssl_certificate - fix private key passphrase handling for
``cryptography`` backend.
- openssl_pkcs12 - fixes crash when private key has a passphrase and the module
is run a second time.
- os_stack - Apply tags conditionally so that the module does not throw up an
error when using an older distro of openstacksdk
- pass correct loading context to persistent connections other than local
- pkg_mgr - Ansible 2.8.0 failing to install yum packages on Amazon Linux
- postgresql - added initial SSL related tests
- postgresql - added missing_required_libs, removed excess param mapping
- postgresql - move connect_to_db and get_pg_version into
module_utils/postgres.py (https://github.com/ansible/ansible/pull/55514)
- postgresql_db - add note to the documentation about state dump and the
incorrect rc (https://github.com/ansible/ansible/pull/57297)
- postgresql_db - fix for postgresql_db fails if stderr contains output
- postgresql_ping - fixed a typo in the module documentation
- preserve actual ssh error when we cannot connect.
- route53_facts - the module did not advertise check mode support, causing it
not to be run in check mode.
- sysctl: the module now also checks the output of STDERR to report if values
are correctly set (https://github.com/ansible/ansible/pull/55695)
- ufw - correctly check status when logging is off
- uri - always return a value for status even during failure
- urls - Handle redirects properly for IPv6 address by not splitting on ``:``
and rely on already parsed hostname and port values
- vmware_vm_facts - fix the support with regular ESXi
- vyos_interface fix <https://github.com/ansible/ansible/pull/57169>
- we don't really need to template vars on definition as we do this on demand
in templating.
- win_acl - Fix qualifier parser when using UNC paths -
- win_hostname - Fix non netbios compliant name handling
- winrm - Fix issue when attempting to parse CLIXML on send input failure
- xenserver_guest - fixed an issue where VM whould be powered off even though
check mode is used if reconfiguration requires VM to be powered off.
- xenserver_guest - proper error message is shown when maximum number of
network interfaces is reached and multiple network interfaces are added at
once.
- yum - Fix false error message about autoremove not being supported
- yum - fix failure when using ``update_cache`` standalone
- yum - handle special '_none_' value for proxy in yum.conf and .repo files
- Update to version 2.8.0
Major changes:
* Experimental support for Ansible Collections and content namespacing -
Ansible content can now be packaged in a collection and addressed via
namespaces. This allows for easier sharing, distribution, and installation
of bundled modules/roles/plugins, and consistent rules for accessing
specific content via namespaces.
* Python interpreter discovery - The first time a Python module runs on a
target, Ansible will attempt to discover the proper default Python
interpreter to use for the target platform/version (instead of immediately
defaulting to /usr/bin/python). You can override this behavior by
setting ansible_python_interpreter or via config.
(see https://github.com/ansible/ansible/pull/50163)
* become - The deprecated CLI arguments for --sudo, --sudo-user,
--ask-sudo-pass, -su, --su-user, and --ask-su-pass have been removed, in
favor of the more generic --become, --become-user, --become-method, and
--ask-become-pass.
* become - become functionality has been migrated to a plugin architecture,
to allow customization of become functionality and 3rd party become methods
(https://github.com/ansible/ansible/pull/50991)
- addresses CVE-2018-16859, CVE-2018-16876, CVE-2019-3828, CVE-2018-16837
For the full changelog see /usr/share/doc/packages/ansible/changelogs or online:
https://github.com/ansible/ansible/blob/stable-2.8/changelogs/CHANGELOG-v2.8.rst
- Update to version 2.7.10
Minor Changes
- Catch all connection timeout related exceptions and raise AnsibleConnectionError instead
- openssl_pkcs12, openssl_privatekey, openssl_publickey - These modules no longer delete the output file before starting to regenerate the output, or when generating the output failed.
Bugfixes
- Backport of https://github.com/ansible/ansible/pull/54105, pamd - fix idempotence issue when removing rules
- Use custom JSON encoder in conneciton.py so that ansible objects (AnsibleVaultEncryptedUnicode, for example) can be sent to the persistent connection process
- allow 'dict()' jinja2 global to function the same even though it has changed in jinja2 versions
- azure_rm inventory plugin - fix missing hostvars properties (https://github.com/ansible/ansible/pull/53046)
- azure_rm inventory plugin - fix no nic type in vmss nic. (https://github.com/ansible/ansible/pull/53496)
- deprecate {Get/Set}ManagerAttributes commands (https://github.com/ansible/ansible/issues/47590)
- flatpak_remote - Handle empty output in remote_exists, fixes https://github.com/ansible/ansible/issues/51481
- foreman - fix Foreman returning host parameters
- get_url - Fix issue with checksum validation when using a file to ensure we skip lines in the file that do not contain exactly 2 parts. Also restrict exception handling to the minimum number of necessary lines (https://github.com/ansible/ansible/issues/48790)
- grafana_datasource - Fixed an issue when running Python3 and using basic auth (https://github.com/ansible/ansible/issues/49147)
- include_tasks - Fixed an unexpected exception if no file was given to include.
- openssl_certificate - fix ``state=absent``.
- openssl_certificate, openssl_csr, openssl_pkcs12, openssl_privatekey, openssl_publickey - The modules are now able to overwrite write-protected files (https://github.com/ansible/ansible/issues/48656).
- openssl_dhparam - fix ``state=absent`` idempotency and ``changed`` flag.
- openssl_pkcs12, openssl_privatekey - These modules now accept the output file mode in symbolic form or as a octal string (https://github.com/ansible/ansible/issues/53476).
- openssl_publickey - fixed crash on Python 3 when OpenSSH private keys were used with passphrases.
- openstack inventory plugin: allow 'constructed' functionality (``compose``, ``groups``, and ``keyed_groups``) to work as documented.
- random_mac - generate a proper MAC address when the provided vendor prefix is two or four characters (https://github.com/ansible/ansible/issues/50838)
- replace - fix behavior when ``before`` and ``after`` are used together (https://github.com/ansible/ansible/issues/31354)
- report correct CPU information on ARM systems (https://github.com/ansible/ansible/pull/52884)
- slurp - Fix issues when using paths on Windows with glob like characters, e.g. ``[``, ``]``
- ssh - Check the return code of the ssh process before raising AnsibleConnectionFailure, as the error message for the ssh process will likely contain more useful information. This will improve the missing interpreter messaging when using modules such as setup which have a larger payload to transfer when combined with pipelining. (https://github.com/ansible/ansible/issues/53487)
- tower_settings - 'name' and 'value' parameters are always required, module can not be used in order to get a setting
- win_acl - Fix issues when using paths with glob like characters, e.g. ``[``, ``]``
- win_acl_inheritance - Fix issues when using paths with glob like characters, e.g. ``[``, ``]``
- win_certificate_store - Fix issues when using paths with glob like characters, e.g. ``[``, ``]``
- win_chocolatey - Fix incompatibilities with the latest release of Chocolatey ``v0.10.12+``
- win_copy - Fix issues when using paths with glob like characters, e.g. ``[``, ``]``
- win_file - Fix issues when using paths with glob like characters, e.g. ``[``, ``]``
- win_find - Ensure found files are sorted alphabetically by the path instead of it being random
- win_find - Fix issues when using paths with glob like characters, e.g. ``[``, ``]``
- win_owner - Fix issues when using paths with glob like characters, e.g. ``[``, ``]``
- win_psexec - Support executables with a space in the path
- win_reboot - Fix reboot command validation failure when running under the psrp connection plugin
- win_tempfile - Always return the full NTFS absolute path and not a DOS 8.3 path.
- win_user_right - Fix output containing non json data - https://github.com/ansible/ansible/issues/54413
- windows - Fixed various module utils that did not work with path that had glob like chars
- yum - fix disable_excludes on systems with yum rhn plugin enabled (https://github.com/ansible/ansible/issues/53134)
- Update to version 2.7.9
Minor Changes
* Add missing import for ConnectionError in edge and routeros module_utils.
* ``to_yaml`` filter updated to maintain formatting consistency when used
with ``pyyaml`` versions 5.1 and later
(https://github.com/ansible/ansible/pull/53772)
* docker_image * set ``changed`` to ``false`` when using ``force: yes`` to
tag or push an image that ends up being identical to one already present on
the Docker host or Docker registry.
* jenkins_plugin * Set new default value for the update_url parameter
(https://github.com/ansible/ansible/issues/52086)
Bugfixes
* Fix bug where some inventory parsing tracebacks were missing or reported under the wrong plugin.
* Fix rabbitmq_plugin idempotence due to information message in new version of rabbitmq (https://github.com/ansible/ansible/pull/52166)
* Fixed KeyError issue in vmware_host_config_manager when a supported option isn't already set (https://github.com/ansible/ansible/issues/44561).
* Fixed issue related to --yaml flag in vmware_vm_inventory. Also fixed caching issue in vmware_vm_inventory (https://github.com/ansible/ansible/issues/52381).
* If large integers are passed as options to modules under Python 2, module argument parsing will reject them as they are of type ``long`` and not of type ``int``.
* allow nice error to work when auto plugin reads file w/o `plugin` field
* ansible-doc * Fix traceback on providing arguemnt --all to ansible-doc command
* azure_rm_virtualmachine_facts * fixed crash related to attached managed disks (https://github.com/ansible/ansible/issues/52181)
* basic * modify the correct variable when determining available hashing algorithms to avoid errors when md5 is not available (https://github.com/ansible/ansible/issues/51355)
* cloudscale * Fix compatibilty with Python3 in version 3.5 and lower.
* convert input into text to ensure valid comparisons in nmap inventory plugin
* dict2items * Allow dict2items to work with hostvars
* dnsimple * fixed a KeyError exception related to record types handling.
* docker_container * now returns warnings from docker daemon on container creation and updating.
* docker_swarm * Fixed node_id parameter not working for node removal (https://github.com/ansible/ansible/issues/53501)
* docker_swarm * do not crash with older docker daemons (https://github.com/ansible/ansible/issues/51175).
* docker_swarm * fixes idempotency for the ``ca_force_rotate`` option.
* docker_swarm * improve Swarm detection.
* docker_swarm * improve idempotency checking; ``rotate_worker_token`` and ``rotate_manager_token`` are now also used when all other parameters have not changed.
* docker_swarm * now supports docker-py 1.10.0 and newer for most operations, instead only docker 2.6.0 and newer.
* docker_swarm * properly implement check mode (it did apply changes).
* docker_swarm * the ``force`` option was ignored when ``state: present``.
* docker_swarm_service * do basic validation of ``publish`` option if specified (must be list of dicts).
* docker_swarm_service * don't crash when ``publish`` is not specified.
* docker_swarm_service * fix problem with docker daemons which do not return ``UpdateConfig`` in the swarm service spec.
* docker_swarm_service * the return value was documented as ``ansible_swarm_service``, but the module actually returned ``ansible_docker_service``. Documentation and code have been updated so that the variable is now called ``swarm_service``. In Ansible 2.7.x, the old name ``ansible_docker_service`` can still be used to access the result.
* ec2 * if the private_ip has been provided for the new network interface it shouldn't also be added to top level parameters for run_instances()
* fix DNSimple to ensure check works even when the number of records is larger than 100
* get_url * return no change in check mode when checksum matches
* inventory plugins * Fix creating groups from composed variables by getting the latest host variables
* inventory_aws_ec2 * fix no_log indentation so AWS temporary credentials aren't displayed in tests
* jenkins_plugin * Prevent plugin to be reinstalled when state=present (https://github.com/ansible/ansible/issues/43728)
* lvol * fixed ValueError when using float size (https://github.com/ansible/ansible/issues/32886, https://github.com/ansible/ansible/issues/29429)
* mysql * MySQLdb doesn't import the cursors module for its own purposes so it has to be imported in MySQL module utilities before it can be used in dependent modules like the proxysql module family.
* mysql * fixing unexpected keyword argument 'cursorclass' issue after migration from MySQLdb to PyMySQL.
* mysql_user: match backticks, single and double quotes when checking user privileges.
* onepassword_facts * Fixes issues which prevented this module working with 1Password CLI version 0.5.5 (or greater). Older versions of the CLI were deprecated by 1Password and will no longer function.
* openssl_certificate * ``has_expired`` correctly checks if the certificate is expired or not
* openssl_certificate * fix Python 3 string/bytes problems for `notBefore`/`notAfter` for self-signed and ownCA providers.
* openssl_certificate * make sure that extensions are actually present when their values should be checked.
* openssl_csr * improve ``subject`` validation.
* openssl_csr * improve error messages for invalid SANs.
* play order is now applied under all circumstances, fixes
* remote_management foreman * Fixed issue where it was impossible to createdelete a product because product was missing in dict choices ( https://github.com/ansible/ansible/issues/48594 )
* rhsm_repository * handle systems without any repos
* skip invalid plugin after warning in loader
* urpmi module * fixed issue
* win_certificate_store * Fix exception handling typo
* win_chocolatey * Fix issue when parsing a beta Chocolatey install * https://github.com/ansible/ansible/issues/52331
* win_chocolatey_source * fix bug where a Chocolatey source could not be disabled unless ``source`` was also set * https://github.com/ansible/ansible/issues/50133
* win_domain * Do not fail if DC is already promoted but a reboot is required, return ``reboot_required: True``
* win_domain * Fix when running without credential delegated authentication * https://github.com/ansible/ansible/issues/53182
* win_file * Fix issue when managing hidden files and directories * https://github.com/ansible/ansible/issues/42466
* winrm * attempt to recover from a WinRM send input failure if possible
* zabbix_hostmacro: fixes truncation of macro contexts that contain colons (see https://github.com/ansible/ansible/pull/51853)
New Plugins
* vmware_vm_inventory * VMware Guest inventory source
- update URL (use SSL version of the URL)
- prepare update for multiple releases (bsc#1102126, bsc#1109957)
- Update to version 2.7.8
Minor Changes:
* Raise AnsibleConnectionError on winrm connnection errors
Bugfixes:
* Backport of https://github.com/ansible/ansible/pull/46478 , fixes name collision in haproxy module
* Fix aws_ec2 inventory plugin code to automatically populate regions when missing as documentation states, also leverage config system vs self default/type validation
* Fix unexpected error when using Jinja2 native types with non-strict constructed keyed_groups (https://github.com/ansible/ansible/issues/52158).
* If an ios module uses a section filter on a device which does not support it, retry the command without the filter.
* acme_challenge_cert_helper * the module no longer crashes when the required ``cryptography`` library cannot be found.
* azure_rm_managed_disk_facts * added missing implementation of listing managed disks by resource group
* azure_rm_mysqlserver * fixed issues with passing parameters while updating existing server instance
* azure_rm_postgresqldatabase * fix force_update bug (https://github.com/ansible/ansible/issues/50978).
* azure_rm_postgresqldatabase * fix force_update bug.
* azure_rm_postgresqlserver * fixed issues with passing parameters while updating existing server instance
* azure_rm_sqlserver * fix for tags support
* azure_rm_virtualmachine * fixed several crashes in module
* azure_rm_virtualmachine_facts * fix crash when vm created from custom image
* azure_rm_virtualmachine_facts * fixed crash related to VM with managed disk attached
* ec2 * Correctly sets the end date of the Spot Instance request. Sets `ValidUntil` value in proper way so it will be auto-canceled through `spot_wait_timeout` interval.
* openssl_csr * fixes idempotence problem with PyOpenSSL backend when no Subject Alternative Names were specified.
* openstack inventory plugin * send logs from sdk to stderr so they do not combine with output
* psrp * do not display bootstrap wrapper for each module exec run
* redfish_utils * get standard properties for firmware entries (https://github.com/ansible/ansible/issues/49832)
* remote home directory * Disallow use of remote home directories that include relative pathing by means of `..` (CVE-2019-3828, bsc#1126503) (https://github.com/ansible/ansible/pull/52133)
* ufw * when using ``state: reset`` in check mode, ``ufw --dry-run reset`` was executed, which causes a loss of firewall rules. The ``ufw`` module was adjusted to no longer run ``ufw --dry-run reset`` to prevent this from happening.
* ufw: make sure that only valid values for ``direction`` are passed on.
* update GetBiosBootOrder to use standard Redfish resources (https://github.com/ansible/ansible/issues/47571)
* win become * Fix some scenarios where become failed to create an elevated process
* win_psmodule * the NuGet package provider will be updated, if needed, to avoid issue under adding a repository
* yum * Remove incorrect disable_includes error message when using disable_excludes (https://github.com/ansible/ansible/issues/51697)
* yum * properly handle a proxy config in yum.conf for an unauthenticated proxy
- Update to version 2.7.7
Minor Changes:
* Allow check_mode with supports_generate_diff capability in cli_config. (https://github.com/ansible/ansible/pull/51417)
* Fixed typo in vmware documentation fragment. Changed 'supported added' to 'support added'.
Bugfixes:
* All K8S_AUTH_* environment variables are now properly loaded by the k8s lookup plugin
* Change backup file globbing for network _config modules so backing up one host's config will not delete the backed up config of any host whose hostname is a subset of the first host's hostname (e.g., switch1 and switch11)
* Fixes bug where nios_a_record wasn't getting deleted if an uppercase named a_record was being passed. (https://github.com/ansible/ansible/pull/51539)
* aci_aaa_user - Fix setting user description (https://github.com/ansible/ansible/issues/51406)
* apt_repository - fixed failure under Python 3.7 (https://github.com/ansible/ansible/pull/47219)
* archive - Fix check if archive is created in path to be removed
* azure_rm inventory plugin - fix azure batch request (https://github.com/ansible/ansible/pull/50006)
* cnos_backup - fixed syntax error (https://github.com/ansible/ansible/pull/47219)
* cnos_image - fixed syntax error (https://github.com/ansible/ansible/pull/47219)
* consul_kv - minor error-handling bugfix under Python 3.7 (https://github.com/ansible/ansible/pull/47219)
* copy - align invocation in return value between check and normal mode
* delegate_facts - fix to work properly under block and include_role (https://github.com/ansible/ansible/pull/51553)
* docker_swarm_service - fix endpoint_mode and publish idempotency.
* ec2_instance - Correctly adds description when adding a single ENI to the instance
* ensure we have a XDG_RUNTIME_DIR, as it is not handled correctly by some privilege escalation configurations
* file - Allow state=touch on file the user does not own https://github.com/ansible/ansible/issues/50943
* fix ansible-pull hanlding of extra args, complex quoting is needed for inline JSON
* fix ansible_connect_timeout variable in network_cli,netconf,httpapi and nxos_install_os timeout check
* netapp_e_storagepool - fixed failure under Python 3.7 (https://github.com/ansible/ansible/pull/47219)
* onepassword_facts - Fix an issue looking up some 1Password items which have a 'password' attribute alongside the 'fields' attribute, not inside it.
* prevent import_role from inserting dupe into roles: execution when duplicate signature role already exists in the section.
* reboot - Fix bug where the connection timeout was not reset in the same task after rebooting
* ssh connection - do not retry with invalid credentials to prevent account lockout (https://github.com/ansible/ansible/issues/48422)
* systemd - warn when exeuting in a chroot environment rather than failing (https://github.com/ansible/ansible/pull/43904)
* win_chocolatey - Fix hang when used with proxy for the first time - https://github.com/ansible/ansible/issues/47669
* win_power_plan - Fix issue where win_power_plan failed on newer Windows 10 builds - https://github.com/ansible/ansible/issues/43827
- update to version 2.7.6
Minor Changes:
* Added documentation about using VMware dynamic inventory plugin.
* Fixed bug around populating host_ip in hostvars in vmware_vm_inventory.
* Image reference change in Azure VMSS is detected and applied correctly.
* docker_volume - reverted changed behavior of force, which was released in Ansible 2.7.1 to 2.7.5, and Ansible 2.6.8 to 2.6.11. Volumes are now only recreated if the parameters changed and force is set to true (instead of or). This is the behavior which has been described in the documentation all the time.
* set ansible_os_family from name variable in os-release
* yum and dnf can now handle installing packages from URIs that are proxy redirects and don't end in the .rpm file extension
Bugfixes:
* Added log message at -vvvv when using netconf connection listing connection details.
* Changes how ansible-connection names socket lock files. They now use the same name as the socket itself, and as such do not lock other attempts on connections to the same host, or cause issues with overly-long hostnames.
* Fix mandatory statement error for junos modules (https://github.com/ansible/ansible/pull/50138)
* Moved error in netconf connection plugin from at import to on connection.
* This reverts some changes from commit 723daf3. If a line is found in the file, exactly or via regexp matching, it must not be added again. insertafter/insertbefore options are used only when a line is to be inserted, to specify where it must be added.
* allow using openstack inventory plugin w/o a cache
* callbacks - Do not filter out exception, warnings, deprecations on failure when using debug (https://github.com/ansible/ansible/issues/47576)
* certificate_complete_chain - fix behavior when invalid file is parsed while reading intermediate or root certificates.
* copy - Ensure that the src file contents is converted to unicode in diff information so that it is properly wrapped by AnsibleUnsafeText to prevent unexpected templating of diff data in Python3 (https://github.com/ansible/ansible/issues/45717)
* correct behaviour of verify_file for vmware inventory plugin, it was always returning True
* dnf - fix issue where conf_file was not being loaded properly
* dnf - fix update_cache combined with install operation to not cause dnf transaction failure
* docker_container - fix network_mode idempotency if the container:<container-name> form is used (as opposed to container:<container-id>) (https://github.com/ansible/ansible/issues/49794)
* docker_container - warning when non-string env values are found, avoiding YAML parsing issues. Will be made an error in Ansible 2.8. (https://github.com/ansible/ansible/issues/49802)
* docker_swarm_service - Document labels and container_labels with correct type.
* docker_swarm_service - Document limit_memory and reserve_memory correctly on how to specify sizes.
* docker_swarm_service - Document minimal API version for configs and secrets.
* docker_swarm_service - fix use of Docker API so that services are not detected as present if there is an existing service whose name is a substring of the desired service
* docker_swarm_service - fixing falsely reporting update_order as changed when option is not used.
* document old option that was initally missed
* ec2_instance now respects check mode https://github.com/ansible/ansible/pull/46774
* fix for network_cli - ansible_command_timeout not working as expected (#49466)
* fix handling of firewalld port if protocol is missing
* fix lastpass lookup failure on python 3 (https://github.com/ansible/ansible/issues/42062)
* flatpak - Fixed Python 2/3 compatibility
* flatpak - Fixed issue where newer versions of flatpak failed on flatpak removal
* flatpak_remote - Fixed Python 2/3 compatibility
* gcp_compute_instance - fix crash when the instance metadata is not set
* grafana_dashboard - Fix a pair of unicode string handling issues with version checking (https://github.com/ansible/ansible/pull/49194)
* host execution order - Fix reverse_inventory not to change the order of the items before reversing on python2 and to not backtrace on python3
* icinga2_host - fixed the issue with not working use_proxy option of the module.
* influxdb_user - An unspecified password now sets the password to blank, except on existing users. This previously caused an unhandled exception.
* influxdb_user - Fixed unhandled exception when using invalid login credentials (https://github.com/ansible/ansible/issues/50131)
* openssl_* - fix error when path contains a file name without path.
* openssl_csr - fix problem with idempotency of keyUsage option.
* openssl_pkcs12 - now does proper path expansion for ca_certificates.
* os_security_group_rule - os_security_group_rule doesn't exit properly when secgroup doesn't exist and state=absent (https://github.com/ansible/ansible/issues/50057)
* paramiko_ssh - add auth_timeout parameter to ssh.connect when supported by installed paramiko version. This will prevent 'Authentication timeout' errors when a slow authentication step (>30s) happens with a host (https://github.com/ansible/ansible/issues/42596)
* purefa_facts and purefb_facts now correctly adds facts into main ansible_fact dictionary (https://github.com/ansible/ansible/pull/50349)
* reboot - add appropriate commands to make the plugin work with VMware ESXi (https://github.com/ansible/ansible/issues/48425)
* reboot - add support for rebooting AIX (https://github.com/ansible/ansible/issues/49712)
* reboot - gather distribution information in order to support Alpine and other distributions (https://github.com/ansible/ansible/issues/46723)
* reboot - search common paths for the shutdown command and use the full path to the binary rather than depending on the PATH of the remote system (https://github.com/ansible/ansible/issues/47131)
* reboot - use a common set of commands for older and newer Solaris and SunOS variants (https://github.com/ansible/ansible/pull/48986)
* redfish_utils - fix reference to local variable 'systems_service'
* setup - fix the rounding of the ansible_memtotal_mb value on VMWare vm's (https://github.com/ansible/ansible/issues/49608)
* vultr_server - fixed multiple ssh keys were not handled.
* win_copy - Fix copy of a dir that contains an empty directory - https://github.com/ansible/ansible/issues/50077
* win_firewall_rule - Remove invalid 'bypass' action
* win_lineinfile - Fix issue where a malformed json block was returned causing an error
* win_updates - Correctly report changes on success
- update to version 2.7.5
Minor Changes:
* Add warning about falling back to jinja2_native=false when Jinja2 version is lower than 2.10.
* Change the position to search os-release since clearlinux new versions are providing /etc/os-release too
* Fixed typo in ansible-galaxy info command.
* Improve the deprecation message for squashing, to not give misleading advice
* Update docs and return section of vmware_host_service_facts module.
* ansible-galaxy: properly warn when git isn't found in an installed bin path instead of traceback
* dnf module properly load and initialize dnf package manager plugins
* docker_swarm_service: use docker defaults for the user parameter if it is set to null
Bugfixes:
* bsc#1118896 CVE-2018-16876 Information disclosure in vvv+ mode with no_log on (https://github.com/ansible/ansible/pull/49569)
* ACME modules: improve error messages in some cases (include error returned by server).
* Added unit test for VMware module_utils.
* Also check stdout for interpreter errors for more intelligent messages to user
* Backported support for Devuan-based distribution
* Convert hostvars data in OpenShift inventory plugin to be serializable by ansible-inventory
* Fix AttributeError (Python 3 only) when an exception occurs while rendering a template
* Fix N3K power supply facts (https://github.com/ansible/ansible/pull/49150).
* Fix NameError nxos_facts (https://github.com/ansible/ansible/pull/48981).
* Fix VMware module utils for self usage.
* Fix error in OpenShift inventory plugin when a pod has errored and is empty
* Fix if the route table changed to none (https://github.com/ansible/ansible/pull/49533)
* Fix iosxr netconf plugin response namespace (https://github.com/ansible/ansible/pull/49300)
* Fix issues with nxos_install_os module for nxapi (https://github.com/ansible/ansible/pull/48811).
* Fix lldp and cdp neighbors information (https://github.com/ansible/ansible/pull/48318)(https://github.com/ansible/ansible/pull/48087)(https://github.com/ansible/ansible/pull/49024).
* Fix nxos_interface and nxos_linkagg Idempotence issue (https://github.com/ansible/ansible/pull/46437).
* Fix traceback when updating facts and the fact cache plugin was nonfunctional
* Fix using vault encrypted data with jinja2_native (https://github.com/ansible/ansible/issues/48950)
* Fixed: Make sure that the files excluded when extracting the archive are not checked. https://github.com/ansible/ansible/pull/45122
* Fixes issue where a password parameter was not set to no_log
* Respect no_log on retry and high verbosity (CVE-2018-16876)
* aci_rest - Fix issue ignoring custom port
* acme_account, acme_account_facts - in some cases, it could happen that the modules return information on disabled accounts accidentally returned by the ACME server.
* docker_swarm - decreased minimal required API version from 1.35 to 1.25; some features require API version 1.30 though.
* docker_swarm_service: fails because of default 'user: root' (https://github.com/ansible/ansible/issues/49199)
* ec2_metadata_facts - Parse IAM role name from the security credential field since the instance profile name is different
* fix azure_rm_image module use positional parameter (https://github.com/ansible/ansible/pull/49394)
* fixes an issue with dict_merge in network utils (https://github.com/ansible/ansible/pull/49474)
* gcp_utils - fix google auth scoping issue with application default credentials or google cloud engine credentials. Only scope credentials that can be scoped.
* mail - fix python 2.7 regression
* openstack - fix parameter handling when cloud provided as dict https://github.com/ansible/ansible/issues/42858
* os_user - Include domain parameter in user deletion https://github.com/ansible/ansible/issues/42901
* os_user - Include domain parameter in user lookup https://github.com/ansible/ansible/issues/42901
* ovirt_storage_connection - comparing passwords breaks idempotency in update_check (https://github.com/ansible/ansible/issues/48933)
* paramiko_ssh - improve log message to state the connection type
* reboot - use IndexError instead of TypeError in exception
* redis cache - Support version 3 of the redis python library (https://github.com/ansible/ansible/issues/49341)
* sensu_silence - Cast int for expire field to avoid call failure to sensu API.
* vmware_host_service_facts - handle exception when service package does not have package name.
* win_nssm - Switched to Argv-ToString for escaping NSSM credentials (https://github.com/ansible/ansible/issues/48728)
* zabbix_hostmacro - Added missing validate_certs logic for running module against Zabbix servers with untrused SSL certificates (https://github.com/ansible/ansible/issues/47611)
* zabbix_hostmacro - Fixed support for user macros with context (https://github.com/ansible/ansible/issues/46953)
- update to version 2.7.4
Bugfixes:
* powershell - add lib/ansible/executor/powershell to the packaging data
- update to version 2.7.3
Minor Changes:
* Document Path and Port are mutually exclusive parameters in wait_for module
* Puppet module remove --ignorecache to allow Puppet 6 support
* dnf properly support modularity appstream installation via overloaded group
modifier syntax
* proxmox_kvm - fix exception
* win_security_policy - warn users to use win_user_right instead when editing
Privilege Rights
Bugfixes:
* Fix the issue that FTD HTTP API retries authentication-related HTTP requests
* Fix the issue that module fails when the Swagger model does not have required fields
* Fix the issue with comparing string-like objects
* Fix using omit on play keywords
* Windows - prevent sensitive content from appearing in scriptblock logging (CVE-2018-16859)
* apt_key - Disable TTY requirement in GnuPG for the module to work correctly
when SSH pipelining is enabled
* better error message when bad type in config, deal with EVNAR= more gracefully
* configuration retrieval would fail on non primed plugins
* cs_template - Fixed a KeyError on state=extracted
* docker_container - fix idempotency problems with docker-py caused by previous
init idempotency fix
* docker_container - fix interplay of docker-py version check with argument_spec
validation improvements
* docker_network - driver_options containing Python booleans would cause Docker
to throw exceptions
* ec2_group - Fix comparison of determining which rules to purge by ignoring descriptions
* pip module - fix setuptools/distutils replacement
* sysvinit - enabling a service should use 'defaults' if no runlevels are specified
- update to version 2.7.2
Minor changes:
* Fix documentation for cloning template
* Parsing plugin filter may raise TypeError, gracefully handle this
exception and let user know about the syntax error in plugin filter file
* Scenario guide for VMware HTTP API usage
* Update plugin filter documentation
* fix yum and dnf autoremove input sanitization to properly warn user if
invalid options passed and update documentation to match
* improve readability and fix privileges names on vmware scenario_clone_template
* k8s - updated module documentation to mention how to avoid SSL validation errors
* yum - when checking for updates, now properly include Obsoletes
(both old and new) package data in the module JSON output
- update to 2.7.1
Minor changes:
* Fix yum module to properly check for empty conf_file value
* added capability to set the scheme for the consul_kv lookup
* added optional certificate and certificate validation for consul_kv lookups
* dnf - properly handle modifying the enable/disable excludes data field
* dnf appropriately handles disable_excludes repoid argument
* dnf proerly honors disable_gpg_check for local package installation
* fix yum module to handle list argument optional empty strings properly
* netconf_config - Make default_operation optional in netconf_config module
* yum - properly handle proxy password and username embedded in url
* yum/dnf - fail when space separated string of names
- update to 2.7.0
Major changes:
* Allow config to enable native jinja types
* Remove support for simplejson
* yum and dnf modules now at feature parity
Minor changes:
* Changed the prefix of all Vultr modules from vr to vultr
* Enable installroot tests for yum4(dnf) integration testing, dnf backend now supports that
* Fixed timer in exponential backoff algorithm in vmware.py
Bugfixes:
* Security Fix - avoid loading host/group vars from cwd when not specifying a playbook or playbook base dir
* Security Fix - avoid using ansible.cfg in a world writable dir
* Some connection exception would cause no_log specified on a task to be ignored (stdout info disclosure)
* Fix glob path of rc.d (SUSE-specific)
* Fix lambda_policy updates
* Fix alt linux detection/matching
- update to 2.6.4
Minor Changes:
* add azure_rm_storageaccount support to StorageV2 kind.
* import_tasks - Do not allow import_tasks to transition to dynamic
if the file is missing
Bugfixes:
* Add md5sum check in nxos_file_copy module
* Allow arbitrary log_driver for docker_container
* Fix Python2.6 regex bug terminal plugin nxos, iosxr
* Fix check_mode in nxos_static_route module
* Fix glob path of rc.d Some distribtuions like SUSE has the rc%.d
directories under /etc/init.d
* Fix network config diff issue for lines
* Fixed an issue where ansible_facts.pkg_mgr would incorrectly set
to zypper on Debian/Ubuntu systems that happened to have the
command installed
* The docker_* modules respect the DOCKER_* environment variables again
* The fix for CVE-2018-10875 prints out a warning message about
skipping a config file from a world writable current working directory.
However, if the user is in a world writable current working directory
which does not contain a config file, it should not print a warning
message. This release fixes that extaneous warning.
* To resolve nios_network issue where vendor-encapsulated-options
can not have a use_option flag.
* To resolve the issue of handling exception for Nios lookup gracefully.
* always correctly template no log for tasks
* ansible-galaxy - properly list all roles in roles_path
* basic.py - catch ValueError in case a FIPS enabled platform
raises this exception
* docker_container: fixing working_dir idempotency problem
* docker_container: makes unit parsing for memory sizes more consistent,
and fixes idempotency problem when kernel_memory is set
* fix example code for AWS lightsail documentation
* fix the enable_snat parameter that is only supposed to be used by
an user with the right policies.
* fixes docker_container check and debug mode
* improves docker_container idempotency
* ios_l2_interface - fix bug when list of vlans ends with comma
* ios_l2_interface - fix issue with certain interface types
* ios_user - fix unable to delete user admin issue
* ios_vlan - fix unable to work on certain interface types issue
* nxos_facts test lldp feature and fix nxapi check_rc
* nxos_interface port-channel idempotence fix for mode
* nxos_linkagg mode fix
* nxos_system idempotence fix
* nxos_vlan refactor to support non structured output
* one_host - fixes settings via environment variables
* use retry_json nxos_banner
* user - Strip trailing comments in /etc/default/passwd
* user - when creating a new user without an expiration date,
properly set no expiration rather that expirining the account
* win_domain_computer - fixed deletion of computer active directory
object that have dependent objects
* win_domain_computer - fixed error in diff_support
* win_domain_computer - fixed error when description parameter is empty
* win_psexec - changed code to not escape the command option when building the args
* win_uri -- Fix support for JSON output when charset is set
* win_wait_for - fix issue where timeout doesn't wait unless state=drained
- update to 2.6.3
Bugfixes:
* Fix lxd module to be idempotent when the given configuration for
the lxd container has not changed
* Fix setting value type to str to avoid conversion during template
read. Fix Idempotency in case of 'no key'.
* Fix the mount module's handling of swap entries in fstab
* The fix for (CVE-2018-10875) prints out a warning message about
skipping a config file from a world writable current working
directory. However, if the user explicitly specifies that the
config file should be used via the ANSIBLE_CONFIG environment
variable then Ansible would honor that but still print out the
warning message. This has been fixed so that Ansible honors the
user's explicit wishes and does not print a warning message in
that circumstance.
* To fix the bug where existing host_record was deleted when existing
record name is used with different IP.
* VMware handle pnic in proxyswitch
* fix azure security group cannot add rules when purge_rule set to false.
* fix azure_rm_deployment collect tags from existing Resource Group.
* fix azure_rm_loadbalancer_facts list takes at least 2 arguments.
* fix for the bundled selectors module (used in the ssh and local
connection plugins) when a syscall is restarted after being
interrupted by a signal
* get_url - fix the bug that get_url does not change mode when checksum matches
* nicer error when multiprocessing breaks
* openssl_certificate - Convert valid_date to bytes for conversion
* openstack_inventory.py dynamic inventory file fixed the plugin to the
script so that it will work with current ansible-inventory. Also
redirect stdout before dumping the ouptput, because not doing so will
cause JSON parse errors in some cases.
* slack callback - Fix invocation by looking up data from cli.options
* sysvinit module: handle values of optional parameters. Don't disable
service when enabled parameter isn't set. Fix command when arguments
parameter isn't set.
* vars_prompt - properly template play level variables in vars_prompt
* win_domain - ensure the Netlogon service is up and running after
promoting host to controller
* win_domain_controller - ensure the Netlogon service is up and running
after promoting host to controller
- update to 2.6.2
Minor Changes
+ Sceanrio guide for removing an existing virtual machine is added.
+ lineinfile - add warning when using an empty regexp
+ Restore module_utils.basic.BOOLEANS variable for backwards compatibility
with the module API in older ansible releases.
Bugfixes:
+ Includes fix for bsc#1099808 (CVE-2018-10875) ansible.cfg is being read
from current working directory allowing possible code execution
+ Add text output along with structured output in nxos_facts
+ Allow more than one page of results by using the right pagination
indicator ('NextMarker' instead of 'NextToken').
+ Fix an atomic_move error that is 'true', but misleading.
Now we show all 3 files involved and clarify what happened.
+ Fix eos_l2_interface eapi.
+ Fix fetching old style facts in junos_facts module
+ Fix get_device_info nxos zero or more whitespace regex
+ Fix nxos CI failures
+ Fix nxos_nxapi default http behavior
+ Fix nxos_vxlan_vtep_vni
+ Fix regex network_os_platform nxos
+ Refactor nxos cliconf get_device_info for non structured
output supported devices
+ To fix the NoneType error raised in ios_l2_interface when
Access Mode VLAN is unassigned
+ emtpy host/group name is an error
+ fix default SSL version for docker modules
+ fix mail module when using starttls
+ fix nmap config example
+ fix ps detection of service
+ fix the remote tmp folder permissions issue when becoming a non
admin user
+ fix typoe in sysvinit that breaks update.rc-d detection
+ fixes docker_container compatibilty with docker-py < 2.2
+ get_capabilities in nxapi module_utils should not return empty dictionary
+ inventory - When using an inventory directory, ensure extension
comparison uses text types
+ ios_vlan - fix unable to identify correct vlans issue
+ nxos_facts warning message improved
+ openvswitch_db - make 'key' argument optional
+ pause - do not set stdout to raw mode when redirecting to a file
+ pause - nest try except when importing curses to gracefully fail
if curses is not present
+ plugins/inventory/openstack.py - Do not create group with empty
name if region is not set
+ preseve delegation info on nolog
+ remove ambiguity when it comes to 'the source'
+ remove dupes from var precedence
+ restores filtering out conflicting facts
+ user - fix bug that resulted in module always reporting a change when
specifiying the home directory on FreeBSD
+ user - use correct attribute name in FreeBSD for creat_home
+ vultr - Do not fail trying to load configuration from ini files if
required variables have been set as environment variables.
+ vyos_command correcting conditionals looping
+ win_chocolatey - enable TLSv1.2 support when downloading the
Chocolatey installer
+ win_reboot - fix for handling an already scheduled reboot and other
minor log formatting issues
+ win_reboot - fix issue when overridding connection timeout hung
the post reboot uptime check
+ win_reboot - handle post reboots when running test_command
+ win_security_policy - allows an empty string to reset a policy value
+ win_share - discard any cmdlet output we don't use to ensure only the
return json is received by Ansible
+ win_unzip - discard any cmdlet output we don't use to ensure only the
return json is received by Ansible
+ win_updates - fixed module return value is lost in error in some cases
+ win_user - Use LogonUser to validate the password as it does not
rely on SMB/RPC to be available
+ Security Fix - avoid loading host/group vars from cwd when not
specifying a playbook or playbook base dir
+ Security Fix - avoid using ansible.cfg in a world writable dir.
+ Fix junos_config confirm commit timeout issue
(https://github.com/ansible/ansible/pull/41527)
+ file module - The touch subcommand had its diff output broken during
the 2.6.x development cycle. This is now fixed.
+ inventory manager - This fixes required options being populated before
the inventory config file is read, so the required options may be
set in the config file.
+ nsupdate - allow hmac-sha384 https://github.com/ansible/ansible/pull/42209
+ win_domain - fixes typo in one of the AD cmdlets
https://github.com/ansible/ansible/issues/41536
+ win_group_membership - uses the internal Ansible SID conversion logic
and uses that when comparing group membership instead of the name
- use fdupes to save some space in python_sitelib
- define BuildRoot on older distributions like SLE-11
- be a bit more flexible with the ending of manpage files to allow
Fedora builds to succeed
- includes fix for bsc#1099805 (CVE-2018-10874) Inventory
variables are loaded from current working directory when
running ad-hoc command that can lead to code execution
(included upstream in 2.6.1).
- revert some unneeded changes from spec-cleaner
- updated to latest release 2.6.0
- New Plugins:
+ Callback:
- cgroup_memory_recap
- grafana_annotations
- sumologic
+ Connection:
- httpapi
+ Inventory:
- foreman
- gcp_compute
- generator
- nmap
+ Lookup:
- onepassword
- onepassword_raw
- Modules updates too many to mention here
please look at package documentation directory (/usr/share/doc/packages/.../changelogs)
- bug fixes:
- **Security Fix** - Some connection exceptions would cause no_log
specified on a task to be ignored. If this happened, the task information,
including any private information coul d have been displayed to stdout and
(if enabled, not the default) logged to a log file specified in
ansible.cfg's log_path. Additionally, sites which redirected stdout from
ansible runs to a log file may have stored that private information onto
disk that way as well. (https://github.com/ansible/ansible/pull/41414)
- Changed the admin_users config option to not include 'admin' by default
as admin is frequently used for a non-privileged account
(https://github.com/ansible/ansible/pull/41164)
- Changed the output to 'text' for 'show vrf' command as default 'json'
output format with respect to 'eapi' transport was failing
(https://github.com/ansible/ansible/pull/41470)
- Document mode=preserve for both the copy and template module
- Fix added for Digital Ocean Volumes API change causing Ansible to
recieve an unexpected value in the response.
(https://github.com/ansible/ansible/pull/41431)
- Fix an encoding issue when parsing the examples from a plugins'
documentation
- Fix iosxr_config module to handle route-policy, community-set,
prefix-set, as-path-set and rd-set blocks. All these blocks are part of
route-policy language of iosxr.
- Fix mode=preserve with remote_src=True for the copy module
- Implement mode=preserve for the template module
- The yaml callback plugin now allows non-ascii characters to be
displayed.
- Various grafana_* modules - Port away from the deprecated
b64encodestring function to the b64encode function instead.
https://github.com/ansible/ansible/pull/38388
- added missing 'raise' to exception definition
https://github.com/ansible/ansible/pull/41690
- allow custom endpoints to be used in the aws_s3 module
(https://github.com/ansible/ansible/pull/36832)
- allow set_options to be called multiple times
https://github.com/ansible/ansible/pull/41913
- ansible-doc - fixed traceback on missing plugins
(https://github.com/ansible/ansible/pull/41167)
- cast the device_mapping volume size to an int in the ec2_ami module
(https://github.com/ansible/ansible/pull/40938)
- copy - fixed copy to only follow symlinks for files in the non-recursive case
- copy module - The copy module was attempting to change the mode of files
for remote_src=True even if mode was not set as a parameter. This
failed on filesystems which do not have permission bits
(https://github.com/ansible/ansible/pull/40099)
- copy module - fixed recursive copy with relative paths
(https://github.com/ansible/ansible/pull/40166)
- correct debug display for all cases
https://github.com/ansible/ansible/pull/41331
- correctly check hostvars for vars term
https://github.com/ansible/ansible/pull/41819
- correctly handle yaml inventory files when entries are null dicts
https://github.com/ansible/ansible/issues/41692
- dynamic includes - Allow inheriting attributes from static parents
(https://github.com/ansible/ansible/pull/38827)
- dynamic includes - Don't treat undefined vars for conditional includes
as truthy (https://github.com/ansible/ansible/pull/39377)
- dynamic includes - Fix IncludedFile comparison for free strategy
(https://github.com/ansible/ansible/pull/37083)
- dynamic includes - Improved performance by fixing re-parenting on copy
(https://github.com/ansible/ansible/pull/38747)
- dynamic includes - Use the copied and merged task for calculating task
vars (https://github.com/ansible/ansible/pull/39762)
- file - fixed the default follow behaviour of file to be true
- file module - Eliminate an error if we're asked to remove a file but
something removes it while we are processing the request
(https://github.com/ansible/ansible/pull/39466)
- file module - Fix error when recursively assigning permissions and a
symlink to a nonexistent file is present in the directory tree
(https://github.com/ansible/ansible/issues/39456)
- file module - Fix error when running a task which assures a symlink to a
nonexistent file exists for the second and subsequent times
(https://github.com/ansible/ansible/issues/39558)
- file module - The file module allowed the user to specify src as a
parameter when state was not link or hard. This is documented as only
applying to state=link or state=hard but in previous Ansible, this could
have an effect in rare cornercases. For instance, 'ansible -m file -a
'state=directory path=/tmp src=/var/lib'' would create /tmp/lib. This
has been disabled and a warning emitted (will change to an error in
Ansible-2.10).
- file module - The touch subcommand had its diff output broken during the
2.6.x development cycle. This is now fixed
(https://github.com/ansible/ansible/issues/41755)
- fix BotoCoreError exception handling
- fix apt-mark on debian6 (https://github.com/ansible/ansible/pull/41530)
- fix async for the aws_s3 module by adding async support to the action
plugin (https://github.com/ansible/ansible/pull/40826)
- fix decrypting vault files for the aws_s3 module
(https://github.com/ansible/ansible/pull/39634)
- fix errors with S3-compatible APIs if they cannot use ACLs for buckets
or objects
- fix permission handling to try to download a file even if the user does
not have permission to list all objects in the bucket
- fixed config required handling, specifically for _terms in lookups
https://github.com/ansible/ansible/pull/41740
- gce_net - Fix sorting of allowed ports
(https://github.com/ansible/ansible/pull/41567)
- group_by - support implicit localhost
(https://github.com/ansible/ansible/pull/41860)
- import/include - Ensure role handlers have the proper parent, allowing
for correct attribute inheritance
(https://github.com/ansible/ansible/pull/39426)
- import_playbook - Pass vars applied to import_playbook into parsing of
the playbook as they may be needed to parse the imported plays
(https://github.com/ansible/ansible/pull/39521)
- include_role/import_role - Don't overwrite included role handlers with
play handlers on parse (https://github.com/ansible/ansible/pull/39563)
- include_role/import_role - Fix parameter templating
(https://github.com/ansible/ansible/pull/36372)
- include_role/import_role - Use the computed role name for
include_role/import_role so to diffentiate between names computed from
host vars (https://github.com/ansible/ansible/pull/39516)-
include_role/import_role - improved performance and recursion depth
(https://github.com/ansible/ansible/pull/36470)
- lineinfile - fix insertbefore when used with BOF to not insert duplicate
lines (https://github.com/ansible/ansible/issues/38219)
- password lookup - Do not load password lookup in network filters,
allowing the password lookup to be overriden
(https://github.com/ansible/ansible/pull/41907)
- pause - ensure ctrl+c interrupt works in all cases
(https://github.com/ansible/ansible/issues/35372)
- powershell - use the tmpdir set by `remote_tmp` for become/async tasks
instead of the generic $env:TEMP -
https://github.com/ansible/ansible/pull/40210
- selinux - correct check mode behavior to report same changes as normal
mode (https://github.com/ansible/ansible/pull/40721)
- spwd - With python 3.6 spwd.getspnam returns PermissionError instead of
KeyError if user does not have privileges
(https://github.com/ansible/ansible/issues/39472)
- synchronize - Ensure the local connection created by synchronize uses
_remote_is_local=True, which causes ActionBase to build a local tmpdir
(https://github.com/ansible/ansible/pull/40833)
- template - Fix for encoding issues when a template path contains
non-ascii characters and using the template path in ansible_managed
(https://github.com/ansible/ansible/issues/27262)
- template action plugin - fix the encoding of filenames to avoid
tracebacks on Python2 when characters that are not present in the user's
locale are present. (https://github.com/ansible/ansible/pull/39424)
- user - only change the expiration time when necessary
(https://github.com/ansible/ansible/issues/13235)
- uses correct conn info for reset_connection
https://github.com/ansible/ansible/issues/27520
- win_environment - Fix for issue where the environment value was deleted
when a null value or empty string was set -
https://github.com/ansible/ansible/issues/40450
- win_file - fix issue where special chars like [ and ] were not being
handled correctly https://github.com/ansible/ansible/pull/37901
- win_get_url - fixed a few bugs around authentication and force no when
using an FTP URL
- win_iis_webapppool - redirect some module output to null so Ansible can
read the output JSON https://github.com/ansible/ansible/issues/40874
- win_template - fix when specifying the dest option as a directory with
and without the trailing slash
https://github.com/ansible/ansible/issues/39886
- win_updates - Added the ability to run on a scheduled task for older
hosts so async starts working again -
https://github.com/ansible/ansible/issues/38364
- win_updates - Fix logic when using a whitelist for multiple updates
- win_updates - Fix typo that hid the download error when a download
failed
- win_updates - Fixed issue where running win_updates on async fails
without any error
- windows become - Show better error messages when the become process fails
- winrm - Add better error handling when the kinit process fails
- winrm - allow `ansible_user` or `ansible_winrm_user` to override
`ansible_ssh_user` when both are defined in an inventory -
https://github.com/ansible/ansible/issues/39844
- winrm - ensure pexpect is set to not echo the input on a failure and have
a manual sanity check afterwards
https://github.com/ansible/ansible/issues/41865
- winrm connection plugin - Fix exception messages sometimes raising a
traceback when the winrm connection plugin encounters an unrecoverable
error. https://github.com/ansible/ansible/pull/39333
- xenserver_facts - ensure module works with newer versions of XenServer
(https://github.com/ansible/ansible/pull/35821)
- use python3 on (open)SUSE 15 or newer
- Update to 2.5.5
- Fixed the honouration of the no_log option with failed task iterations
(CVE-2018-10855 boo#1097775)
- Bufixes:
- Changed the admin_users config option to not include 'admin' by default
as admin is frequently used for a non-privileged account
- aws_s3 - add async support to the action plugin
- aws_s3 - fix decrypting vault files
- ec2_ami - cast the device_mapping volume size to an int
- eos_logging - fix idempotency issues
- cache plugins - A cache timeout of 0 means the cache will not expire.
- ios_logging - fix idempotency issues
- ios/nxos/eos_config - don't retrieve config in running_config when config is provided for diff
- nxos_banner - fix multiline banner issue
- nxos terminal plugin - fix output truncation
- nxos_l3_interface - fix no switchport issue with loopback and svi interfaces
- nxos_snapshot - fix compare_option
- Applied spec-cleaner
- Update to 2.5.1
Minor Changes
+ Updated example in vcenter_license module.
+ Updated virtual machine facts with instanceUUID which is unique
for each VM irrespective of name and BIOS UUID.
+ A lot of Bugfixes, please refer to the Changelog installed in
/usr/share/doc/packages/ansible/changelogs/CHANGELOG-v2.5.rst
- Update to 2.5.0:
Major Changes
* Ansible Network improvements
+ Created new connection plugins network_cli and netconf to replace
connection=local. connection=local will continue to work for a
number of Ansible releases.
+ No more unable to open shell. A clear and descriptive message will
be displayed in normal ansible-playbook output without needing to enable debug mode
+ Loads of documentation, see Ansible for Network Automation Documentation.
+ Refactor common network shared code into package under module_utils/network/
+ Filters: Add a filter to convert XML response from a network device to JSON object.
+ Loads of bug fixes.
+ Plus lots more.
* New simpler and more intuitive 'loop' keyword for task loops. The
with_<lookup> loops will likely be deprecated in the near future
and eventually removed.
* Added fact namespacing; from now on facts will be available under
ansible_facts namespace (for example: ansible_facts.os_distribution)
without the ansible_ prefix. They will continue to be added into the
main namespace directly, but now with a configuration toggle to enable
this. This is currently on by default, but in the future it will default to off.
* Added a configuration file that a site administrator can use to
specify modules to exclude from being used.
Minor Changes
* please refer to /share/doc/packages/ansible/changelogs/CHANGELOG-v2.5.rst
Deprecated Features
* Previously deprecated 'hostfile' config settings have been 're-deprecated'
because previously code did not warn about deprecated configuration settings.
* Using Ansible-provided Jinja tests as filters is deprecated and will
be removed in Ansible 2.9.
* The stat and win_stat modules have deprecated get_md5 and the md5 return
values. These options will become undocumented in Ansible 2.9 and
removed in a later version.
* The redis_kv lookup has been deprecated in favor of new redis lookup
* Passing arbitrary parameters that begin with HEADER_ to the uri module,
used for passing http headers, is deprecated. Use the headers parameter
with a dictionary of header names to value instead.
This will be removed in Ansible 2.9
* Passing arbitrary parameters to the zfs module to set zfs properties is
deprecated. Use the extra_zfs_properties parameter with a dictionary of
property names to values instead. This will be removed in Ansible 2.9.
* Use of the AnsibleModule parameter check\_invalid\_arguments in custom
modules is deprecated. In the future, all parameters will be checked to
see whether they are listed in the arg spec and an error raised if they
are not listed. This behaviour is the current and future default so most
custom modules can simply remove check\_invalid\_arguments if they set it
to the default value of True. The check\_invalid\_arguments parameter
will be removed in Ansible 2.9.
* The nxos_ip_interface module is deprecated in Ansible 2.5.
Use nxos_l3_interface module instead.
* The nxos_portchannel module is deprecated in Ansible 2.5.
Use nxos_linkagg module instead.
* The nxos_switchport module is deprecated in Ansible 2.5.
Use nxos_l2_interface module instead.
* The ec2_ami_find has been deprecated; use ec2_ami_facts instead.
* panos_security_policy: Use panos_security_rule - the old module uses
deprecated API calls
* vsphere_guest is deprecated in Ansible 2.5 and will be removed in
Ansible-2.9. Use vmware_guest module instead.
Removed Features (previously deprecated)
* accelerate.
* boundary_meter: There was no deprecation period for this but the hosted
service it relied on has gone away so the module has been removed. #29387
* cl_ : cl_interface, cl_interface_policy, cl_bridge, cl_img_install,
cl_ports, cl_license, cl_bond. Use nclu instead
* docker. Use docker_container and docker_image instead.
* ec2_vpc.
* ec2_ami_search, use ec2_ami_facts instead.
* nxos_mtu. Use nxos_system's system_mtu option instead.
To specify an interface's MTU use nxos_interface.
* panos_nat_policy: Use panos_nat_rule the old module uses
deprecated API calls
- also package the changelogs directory below
/usr/share/doc/packages/ansible/ for better reference
- License changed to GPL-3.0-or-later, as mentioned in the source
(former license focues on GPL-3.0 only)
- Add python-passlib as Requires (bsc#1080682)
passlib is needed for the 'vars_prompt' feature of ansible
- Update to version 2.4.3.0:
* Fix `pamd` rule args regexp to match file paths.
* Check if SELinux policy exists before setting.
* Set locale to `C` in `letsencrypt` module to fix date parsing
errors.
* Fix include in loop when stategy=free.
* Fix save parameter in asa_config.
* Fix --vault-id support in ansible-pull.
* In nxos_interface_ospf, fail nicely if loopback is used with
passive_interface.
* Fix quote filter when given an integer to quote.
* nxos_vrf_interface fix when validating the interface.
* Fix for win_copy when sourcing files from an SMBv1 share.
* correctly report callback plugin file.
* restrict revaulting to vault cli.
* Fix python3 tracebacks in letsencrypt module.
* Fix ansible_*_interpreter variables to be templated prior to
being used.
* Fix setting of environment in a task that uses a loop
* Fix fetch on Windows failing to fetch files or particular
block size.
* preserve certain fields during no log.
* fix issue with order of declaration of sections in ini
inventory.
* Fix win_iis_webapppool to correctly stop a apppool.
* Fix CloudEngine host failed.
* Fix ios_config save issue.
* Handle vault filenames with nonascii chars when displaying
messages.
* Fix win_iis_webapppool to not return passwords.
* Fix extended file attributes detection and changing.
* correctly ensure 'ungrouped' membership rules.
* made warnings less noisy when empty/no inventory is supplied.
* Fixes a failure which prevents to create servers in module
cloudscale_server.
* Fix win_firewall_rule 'Specified cast is invalid' error when
modifying a rule with all of Domain/Public/Private profiles set.
* Fix case for multilib when installing from a file in the yum
module.
* Fix WinRM parsing/escaping of IPv6 addresses.
* Fix win_package to detect MSI regardless of the extension case.
* Updated win_mapped_drive docs to clarify what it is used for.
* Fix file related modules run in check_mode when the file being
operated on does not exist.
* Make eos_vlan idempotent.
* Fix win_iis_website to properly check attributes before setting.
* Fixed the removal date for ios_config save and force parameters.
* cloudstack: fix timeout from ini config file being ignored.
* fixes memory usage issues with many blocks/includes.
* Fixes maximum recursion depth exceeded with include_role.
* Fix to win_dns_client module to take ordering of DNS servers to
resolve into account.
* Fix for the nxos_banner module where some nxos images nest the
output inside of an additional dict.
* Fix failure message 'got multiple values for keyword argument
id' in the azure_rm_securitygroup module (caused by changes to
the azure python API).
* Bump Azure storage client minimum to 1.5.0 to fix
deserialization issues.
This will break Azure Stack until it receives storage API
version 2017-10-01 or changes are made to support multiple
versions.
* Flush stdin when passing the become password. Fixes some cases
of timeout on Python 3 with the ssh connection plugin.
update to version v2.4.2.0:
* lock azure containerservice to below 2.0.0
* ovirt_host_networks: Fix label assignment
* Fix vault --ask-vault-pass with no tty (#31493)
* cherry-pick changes of azure_rm_common from devel to 2.4 (#32607)
* Fixes #31090. In network parse_cli filter plugin, this change moves the creation of a (#31092) (#32458)
* Use an abspath for network inventory ssh key path.
* Remove toLower on source (#31983)
* Add k8s_common.py logging fixes to the changelog
* inserts enable cmd hash with auth_pass used (#32107)
* Fix exception upon display.warn() (#31876)
* ios_system: Fix typo in unit test (#32284)
* yum: use the C locale when screen scraping (#32203)
* Use region derived from get_aws_connection_info() in dynamodb_table to fix tagging bug (#32557)
* fix item var in delegation (#32986)
* Add changelog entry for elb_application_lb fix
* Add a validate example to blockinfile. (#32088)
* Correct formatting --arguments (#31808)
* Add changelog for URI/get_url fix
* [cloud] Bugfix for aws_s3 empty directory creation (#32198)
* Fix junos integration test fixes as per connection refactor (#33050) (#33055)
* Update win_copy for #32677 (#32682)
* ios_interface testfix (#32381)
* Add proper check mode support to the script module (#31852)
* Add galaxy --force fix to changelog
* Fix non-ascii errors in config manager
* Add python3 urllib fixes to changelog
* Add changelog entry for the stdin py3 fix
* Update version info for the 2.4.2 release
* Add max_fail_percentage fix to changelog
* Changelog entry for script inventory plugin fix.
* Make RPM spec compatible with RHEL 6 (#31653)
* Add changelog entry for the yum locale fix
* Use vyos/1.1.8 in CI.
* Fix patching to epel package
* Pass proper error value to to_text (#33030)
* Fix and re-enable zypper* integration tests in CI.
* avoid chroot paths (#32778)
* Add changelog entry for inventory nonascii paths fix
* Fix ios_config integration test failures (#32959) (#32970)
* Fix ios_config file prompt issue (#32744) (#32780)
* Mdd module unit test docs (#31373)
* dont add all group vars to implicit on create
* Fix nxos_banner removal idempotence issue in N1 images (#31259)
* Clarify the release and maintenance cycle (#32402)
* Add ansible_distribution_major_version to macOS (#31708)
* Docs (#32718)
* Keep newlines when reading LXC container config file (#32219)
* Updated changelog for vmware logon error handling
* New release v2.4.2.0-0.2.beta2
* added doc notes about vars plugins in precedence
* revert module_utils/nxos change from #32846 (#32956)
* [cloud] add boto3 requirement to `cloudformation` module docs (#31135)
* Fixes #31056 (#31057)
* - Fix logging module issue where facility is being deleted along with host (#32234)
* Get the moid in a more failsafe manner (#32671)
* Integration Tests only: add static route, snmp_user, snapshot and hsrp it cases (#28933)
* Add the change to when we escape backslashes (for the template lookup plugin) to changelog
* correctly deal with changed (#31812)
* Add the template lookup escaping to the 2.4 porting guide (#32760)
* tests for InventoryModule error conditions (#31381)
* Disable pylint rules for stable-2.4.
* fix typo
* Enable TLS1.1 and TLS1.2 for win_package (#32184)
* Add remove host fix to changelog
* ios_interface provider issue testfix (#32335)
* win_service: quoted path fix (#32469)
* Add changes to succeeded/failed tests to the 2.4 porting guide (#33201)
* Run OS X tests in 3 groups in CI.
* ini inventory: document value parsing workaround
* Change netconf port in testcase as per test enviornment (#32883) (#32889)
* fix inventory loading for ansible-doc
* jsonify inventory (#32990)
* firewalld: don't reference undefined variable in error case (#31949)
* change ports to non well known ports and drop time_range for N1 (#31261)
* make vars only group declarations an error
* Add changelog for os_floating_ip fix
* Fix example on comparing master config (#32406)
* py2/py3 safer shas on hostvars (#31788)
* ensure we always have a basedir
* Add missing ansible-test --remote-terminate support. (#32918)
* Use show command to support wider platform set for nxos_interface module (#33037)
* ios_logging: change IOS command pipe to section to include (#33100) (#33116)
* win_find: allow module to skip on files it fails to check (#32105)
* New release v2.4.2.0-0.4.beta4
* multiple nxos fixes (#32905)
* Add changelog entry for git archive fix
* Add changelog entries for a myriad of 2.4.2 bugfixes
* iosxr integration testfix (#32344)
* Fix #31694: running with closed stdin on python 3 (#31695)
* Add eos_user fix to changelog
* updated changelog with win_find fix
* Added urls python3 fix to changelog
* [cloud] Support changeset_name parameter on CloudFormation stack create (#31436)
* use configured ansible_shell_executable
* New release v2.4.2.0-0.3.beta3
* Fix ec2_lc failing to create multi-volume configurations (#32191)
* Changelog win_package TLS fix
* Fix wrong prompt issue for network modules (#32426) (#32442)
* New release v2.4.2.0-0.1.beta1
* Exclude stack policy when running in check mode.
* change inventory_hostname to ansible_host to fix test (#32890) (#32891)
* Add azure_rm_acs check mode fix
* Updated changelog for win_copy fix
* corrected package docs
* make sure patterns are strings
* Add more bugfixes to changelog
* Fix junos netconf port issue in integration test (#32610) (#32668)
* fixed .loads error for non decoded json in Python 3 (#32065)
* nxos_config and nxos_facts - fixes for N35 platform. (#32762) (#32875)
* Add changelog entry for #32219
* Remove provider from ios integration test (#31037) (#32230)
* added note about serial behaviour (#32461)
* Fixes ios_logging unit test (#32240)
* Avoid AttributeError: internal_network on os_floating_ip (#32887)
* use to_str instead of json.dumps when serializing k8s object for logging
* Prefer the stdlib SSLContext over urllib3 context
* git: fix archive when update is set to no (#31829)
* Add elb_target_group port fix to the changelog
* Changelog entry for aws_s3 issue #32144
* Add error handling for user login (#32613)
* Move asa provider to suboptions (#32356)
* fix dci failure nxos (#32877) (#32878)
* Add inventory jsonification to the changelog
* eos_eapi: adding the desired state config to the new vrf fixes #32111 (#32112) (#32452)
* Handle ip name-server lines containing multiple nameservers (#32235) (#32373)
* Remove provider from prepare_ios_tests integration test (#31038)
* Add last minute bugfixes and doc updates for rc1
* Fix snmp bugs on Nexus 3500 platform (#32773) (#32847)
* validate that existing dest is valid directory
* Update the release data for 2.4.1 in the changelog
* add check mode for acs delete (#32063)
* More fixes added to changelog
* Add wait_for fix to the changelog
* removed psobject to hashtables that were missed (#32710)
* wait_for: treat broken connections as 'unready' (#28839)
* Return all elements in a more robust way
* fix ios_interface test (#32372)
* Add missing packages to default docker image.
* fix nxos_igmp_snooping (#31688)
* - Fix to return error message back to the module. (#31035)
* Ensure that readonly result members are serialized (#33170)
* Keywords docs (#32807)
* remove hosts from removed when rescuing
* Add panos_security_rule docs typo fix to changelog
* Update vyos completion in network.txt.
* move to use ansible logging
* ovirt_clusters: Fix fencing and kuma comparision
* Documentation typo fixes (#32473)
* [fix] issue #30516 : take care about autoremove in upgrade function
* Enable ECHO in prompt module (#32083)
* calculate max fail against all hosts in batch
* Fix urlparse import for Python3 (#31240)
* Bunch of changelog updates for cherry-picks
* restore hostpattern regex/glob behaviour
* Better handling of malformed vault data envelope (#32515)
* Updated changelog regarding win_service quoted path fix
* nxos_interface error handling (#32846)
* An availability zone will be selected if none is provided. Set az to an empty string if it's None to avoid traceback. (#32216)
* Use to_native when validating proxy result (#32596)
* vmware_guest: refactor spec serialization (#32681)
* Add new default Docker container for ansible-test. (#31944)
* warn on bad keys in group
* NXOS: Integration tests to Ansible (part 3) (#29030)
* Add spec file fix to changelog
* eos_user testfix (#32264)
* iam.py: return iam.role dict when creating roles (#28964)
* Add networking bug fixes to changelog (#32201)
* [cloud] sns_topic: Fix unreferenced variable
* Fix service_mgr fact collection (#32086)
* Fix include_role unit tests (#31920)
* Updated changelog for win_iis_* modules things
* handle ignore_errors in loop
* adjust nohome param when using luser
* better cleanup on task results display (#27175)
* Improve python 2/3 ABC fallback for pylint. (#31848)
* fix html formatting
* Add ansible_shell_executable fix to changelog
* Move resource pool login to a separate function and fix undefined var reference (#32674)
* Update ansible-test sanity command. (#31958)
* ios_ping test fix (#32342)
* fix CI failure yaml syntax (#32374)
* Scan group_vars/host_vars in sorted order
* luseradd defaults to creating w/o need for -m (#32411)
* Integration Tests only: nxos_udld, nxos_udld_interface, nxos_vxlan_vtep_vni (#29143) (#32962)
* Fix: modifying existing application lb using certificates now properly sets certificates (#28217)
* ios_logging: Fix some smaller issues, add unit test (#32321)
* Fix nxos_snmp_host bug (#32916) (#32958)
* ovirt_hosts: Don't fail upgrade when NON_RESPONSIVE state
* ini plugin should recursively instantiate pending
* eos_user: sends user secret first on user creation fixes #31680 (#32162)
* Cast target port to an int in elb_target_group. Fixes #32098 (#32202)
* New release v2.4.2.0-0.5.rc1
* remove misleading group vars as they are flat (#32276)
* Fix typo
* Avoid default inventory proccessing for pull (#32135)
* Fix ansible-test default image. (#31966)
* removed superfluous `type` field from RecordSet constructor (#33167)
* Update k8s_common.py
* Add ios_logging fixes to changelog 2.4.2beta2 (#32447)
* Revert 'Removed a force conditional (#28851)' (#32282)
* Add new documentation on writing unittests to the changelog
* Fix ansible-test race calling get_coverage_path.
* New release v2.4.2.0-1
- update to 2.3.2.0 (final) - bsc#1059235
- update to 2.3.1 RC1 (package version 2.3.0.1) (bsc#1056094):
as 'unsafe'. bsc#1038785
* SECURITY (MODERATE): fix for CVE-2017-7466, which finally fixes
an arbitrary command execution vulnerability
- security update to rc4 of 2.2.1.0 version CVE-2016-9587,
CVE-2016-8628, CVE-2016-8614, CVE-2016-8647, CVE-2016-9587
(bsc#1008037, bsc#1008038, bsc#1010940, bsc#1019021)
Changes in ardana-ansible:
- Update to version 8.0+git.1596735237.54109b1:
* Update the Swift XFS inode size check (SOC-10300)
- Update to version 8.0+git.1596204601.75b0e4e:
* Fix upgrade validations Keystone V3 check target (SOC-10300)
Changes in ardana-cinder:
- Update to version 8.0+git.1596129856.263f430:
* Install python-swiftclient as cinder-backup dependency (SOC-11364)
Changes in ardana-glance:
- Update to version 8.0+git.1593631779.76fa9b7:
* Idempotent cirros image upload to glance (SOC-11342)
Changes in ardana-mq:
- Update to version 8.0+git.1593618123.678c32b:
* Ensure epmd.service started/stopped independent of rabbitmq (SOC-6780)
Changes in ardana-nova:
- Update to version 8.0+git.1601298847.dd01585:
* restore ram_weight_multiplier to default (bsc#1123561)
* enable all weigher classes by default (bsc#1123561)
- Update to version 8.0+git.1595857666.cf6b4a9:
* Correction for (bsc#1174242)
- Update to version 8.0+git.1595356665.56726ed:
* Disable nova-consoleauth monasca process check (bsc#1174242)
Changes in ardana-osconfig:
- Update to version 8.0+git.1595885113.93abcbc:
* Enable SLE12 SP3 LTSS for SMT deployments (SOC-11223)
Changes in crowbar-core:
- Update to version 5.0+git.1600432272.b3ad722f0:
* provisioner: check for client_user (SOC-11389)
* upgrade: Allow transition from crowbar_upgrade to reboot (trivial)
- Update to version 5.0+git.1600352887.1e23b8015:
* Ignore CVE-2020-15169 (SOC-11391)
- Update to version 5.0+git.1594898401.caf0b325c:
* crowbar: Also add access to /restricted/ in SSL vhost (SOC-11352)
- Update to version 5.0+git.1593779118.8362c57e5:
* crowbar: Allow hardware-installing -> discovering transition (noref)
* crowbar: Add Restricted controller with API for restricted clients (bsc#1117080)
* crowbar: Add complete list of states to Crowbar::State (noref)
* provisioner: Remove the need for /updates/parse_node_data (noref)
* crowbar: Create helper module to validate states (noref)
* provisioner: Use new restricted API (bsc#1117080)
* provisioner: Do not read /etc/crowbar.install.key from crowbar_joi (bsc#1117080)
* provisioner: Remove use of privileged user for Windows machine (bsc#1117080)
* provisioner: Use restricted client during provisioning (bsc#1117080)
* provisioner: Use restricted client for crowbar_register (bsc#1117080)
* provisioner: Drop /etc/crowbar.install.key bits from autoyast prof (bsc#1117080)
* Avoid hardcoding machine-install user (bsc#1117080)
* crowbar: Restrict admin access (bsc#1117080)
Changes in crowbar-openstack:
- Update to version 5.0+git.1599037158.5c4d07480:
* horizon: Update configuration for Grafana 5.x
Changes in documentation-suse-openstack-cloud:
- Update to version 8.20201007:
* reveresed step8 and 9 in PTF installation (SOC-10616)
* Modified the PTF install instructions as per the (SOC-10616)
- Update to version 8.20200904:
* Clarify reboot instructions during update workflow (SOC-11386)
- Update to version 8.20200921:
* replacd postgreSQL to MariaDB as per comments4 and 5 in ticket (SOC-11000)
- Update to version 8.20200424:
* Update ESX documentation for DVS creation (bsc#1142121)
* Fix table issues
Changes in grafana:
- BuildRequire go1.14 explicitly
- Add recompress source service
- Add go_modules source service to create vendor.tar.gz
containing 3rd party go modules.
- Adjust spec to work for Grafana-6.7.4
- Adjust Makefile to work for Grafana-6.7.4
- Remove CVE-2019-15043.patch (merged upstream)
- Remove CVE-2020-13379.patch (merged upstream)
- Remove 0001-fix-XSS-vulnerabilities-in-dashboard-links.patch (merged upstream)
- Remove 0002-CVE-2020-12052-bsc1170657-XSS-annotation-popup-vulnerability.patch
(merged upstream)
- Remove systemd-notification.patch (merged upstream)
- Update to version 6.7.4 (bsc#1172450, CVE-2018-18623,
CVE-2018-18624, CVE-2018-18625, bsc#1174583, CVE-2020-11110)
* Security: Urgent security fix for stored XSS
- Update to version 6.7.3
* Admin: Fix Synced via LDAP message for non-LDAP external users. [#23477]
* Alerting: Fix notifications for alerts with empty message in Google
Hangouts notifier. [#23559]
* AuthProxy: Fix bug where long username could not be cached. [#22926]
* Dashboard: Fix saving dashboard when editing raw dashboard JSON model.
[#23314]
* Dashboard: Try to parse 8 and 15 digit numbers as timestamps if parsing of
time range as date fails. [#21694]
* DashboardListPanel: Fix problem with empty panel after going into edit
mode (General folder filter being automatically added) . [#23426]
* Data source: Handle datasource withCredentials option properly. [#23380]
* Security: Fix annotation popup XSS vulnerability [#23813]
* Security: Fix XSS vulnerability in table panel [#23816]
* Server: Exit Grafana with status code 0 if no error. [#23312]
* TablePanel: Fix XSS issue in header column rename (backport). [#23814]
* Variables: Fix error when setting adhoc variable values. [#23580]
- Update to version 6.7.2
* BackendSrv: Adds config to response to fix issue for external plugins that
used this property . [#23032]
* Dashboard: Fix issue with saving new dashboard after changing title .
[#23104]
* DataLinks: make sure we use the correct datapoint when dataset contains
null value.. [#22981]
* Plugins: Fix issue for plugins that imported dateMath util . [#23069]
* Security: Fix for dashboard snapshot original dashboard link could contain
XSS vulnerability in url. [#23254]
* Variables: Fix issue with too many queries being issued for nested
template variables after value change. [#23220]
* Plugins: Expose promiseToDigest. [#23249]
* Reporting: Fix issue updating a report created by someone else
(Enterprise)
- Update to version 6.7.1
* Azure: Fix dropdowns not showing current value. [#22914]
* BackendSrv: only add content-type on POST, PUT requests. [#22910]
* Panels: Fix size issue with panel internal size when exiting panel edit
mode. [#22912]
* Reporting: fixes migrations compatibility with mysql (Enterprise)
* Reporting: Reduce default concurrency limit to 4 (Enterprise)
- Update to version 6.7.0
* AzureMonitor: support workspaces function for template variables. [#22882]
* SQLStore: Add migration for adding index on annotation.alert_id. [#22876]
* TablePanel: Enable new units picker . [#22833]
* AngularPanels: Fix inner height calculation for angular panels. [#22796]
* BackendSrv: makes sure provided headers are correctly recognized and set. [#22778]
* Forms: Fix input suffix position (caret-down in Select) . [#22780]
* Graphite: Fix issue with query editor and next select metric now showing
after selecting metric node [#22856]
* Rich History: UX adjustments and fixes. [#22729]
* Slack: Removed _Mention_ setting and instead introduce _Mention Users_,
_Mention Groups_, and _Mention Channel_.
* Alerting: Reverts the behavior of `diff` and `percent_diff` to not always
be absolute.
* API: Include IP address when logging request error. [#21596]
* Alerting: Support passing tags to Pagerduty and allow notification on
specific event categories [#21335]
* Chore: Remove angular dependency from backendSrv. [#20999]
* CloudWatch: Surround dimension names with double quotes. [#22222]
* CloudWatch: updated metrics and dimensions for Athena, DocDB, and
Route53Resolver. [#22604]
* Cloudwatch: add Usage Metrics. [#22179]
* Dashboard: Adds support for a global minimum dashboard refresh interval.
[#19416]
* DatasourceEditor: Add UI to edit custom HTTP headers. [#17846]
Elastic: To get fields, start with today's index and go backwards. [#22318]
* Explore: Rich history. [#22570]
* Graph: canvas's Stroke is executed after loop. [#22610]
* Graphite: Don't issue empty 'select metric' queries. [#22699]
* Image Rendering: Store render key in remote cache to enable renderer to
callback to public/load balancer URL when running in HA mode. [#22031]
* LDAP: Add fallback to search_base_dns if group_search_base_dns is
undefined [#21263]
* OAuth: Implement Azure AD provide. [#20030]
* Prometheus: Implement region annotation. [#22225]
* Prometheus: make \$\_\_range more precise. [#21722]
* Prometheus: Do not show rate hint when increase function is used in query.
[#21955]
* Stackdriver: Project selector. [#22447]
* TablePanel: display multi-line text. [#20210]
* Templating: Add new global built-in variables. [#21790]
* Reporting: add concurrent render limit to settings (Enterprise)
* Reporting: Add rendering timeout in settings (Enterprise)
* API: Fix redirect issues. [#22285]
* Alerting: Don't include image_url field with Slack message if empty.
[#22372]
* Alerting: Fix bad background color for default notifications in alert tab
. [#22660]
* Annotations: In table panel when setting transform to annotation, they will
now show up right away without a manual refresh. [#22323]
* Azure Monitor: Fix app insights source to allow for new timeFrom and
timeTo. [#21879]
* BackendSrv: Fix POST body for form data. [#21714]
* CloudWatch: Credentials cache invalidation fix. [#22473]
CloudWatch: Expand alias variables when query yields no result [#22695]
* Dashboard: Fix bug with NaN in alerting. [#22053]
* Explore: Fix display of multiline logs in log panel and explore. [#22057]
* Heatmap: Legend color range is incorrect when using custom min/max
[#21748]
* Security: Fix XSS issue in dashboard history diff. [#22680]
* StatPanel: Fix base color being used for null values. [#22646]
- Update to version 6.6.2
* Data proxy: Log proxy errors using Grafana logger. [#22174]
* Metrics: Add gauge for requests currently in flight. [#22168]
* @grafana/ui: Fix displaying of bars in React Graph. [#21968]
* API: Fix redirect issue when configured to use a subpath. [#21652]
* API: Improve recovery middleware when response already been written [#22256]
* Auth: Don't rotate auth token when requests are cancelled by client [#22106]
* Elasticsearch: Fix auto interval for date histogram in explore logs mode. [#21937]
* Image Rendering: Fix PhantomJS compatibility with es2016 node dependencies. [#21677]
* Links: Assure base url when single stat, panel and data links are built. [#21956]
* Loki, Prometheus: Fix PromQL and LogQL syntax highlighting. [#21944]
* OAuth: Enforce auto_assign_org_id setting when role mapping enabled using
Generic OAuth. [#22268]
* Prometheus: Updates explore query editor to prevent it from throwing error
on edit. [#21605]
* Server: Reorder cipher suites for better security. [#22101]
* TimePicker: fixing weird behavior with calendar when switching between
months/years. [#22253]
- Update to version 6.6.1
* Annotations: Change indices and rewrites annotation find query to improve
database query performance. [#21915]
* Azure Monitor: Fix Application Insights API key field to allow input. [#21738]
* BarGauge: Fix so we properly display the 'no result' value when query
returns empty result. [#21791]
* Datasource: Show access (Browser/Server) select on the Prometheus
datasource. [#21833]
* DatasourceSettings: Fix issue navigating away from data source settings
page. [#21841]
* Graph Panel: Fix typo in thresholds form. [#21903]
* Graphite: Fix issue with functions with multiple required params and no
defaults [#21814]
* Image Rendering: Fix render of graph panel legend aligned to the right
using Grafana image renderer plugin/service. [#21854]
* Metrics: Adds back missing summary quantiles. [#21858]
* OpenTSDB: Adds back missing ngInject to make it work again. [#21796]
* Plugins: Fix routing in app plugin pages. [#21847]
* Prometheus: Fix default step value for annotation query. [#21934]
* Quota: Makes LDAP + Quota work for the first login of a new user. [#21949]
* StatPanels: Fix change from singlestat to Gauge / BarGauge / Stat where
default min & max (0, 100) was copied . [#21820]
* TimePicker: Should display in kiosk mode. [#21816]
* grafana/toolkit: Fix failing linter when there were lint issues. [#21849]
- Update to version 6.6.0
* CloudWatch: Add DynamoDB Accelerator (DAX) metrics & dimensions. [#21644]
* CloudWatch: Auto period snap to next higher period. [#21659]
* Template variables: Add error for failed query variable on time range
update. [#21731]
* XSS: Sanitize column link. [#21735]
* Elasticsearch: Fix adhoc variable filtering for logs query. [#21346]
* Explore: Fix colors for log level when level value is capitalised. [#21646]
* Explore: Fix context view in logs, where some rows may have been filtered
out. [#21729]
Loki: Fix Loki with repeated panels and interpolation for Explore. [#21685]
* SQLStore: Fix PostgreSQL failure to create organisation for first time. [#21648]
* PagerDuty: Change `payload.custom_details` field in PagerDuty notification
to be a JSON object instead of a string.
* Security: The `[security]` setting `cookie_samesite` configured to `none`
now renders cookies with `SameSite=None` attribute.
* Graphite: Add Metrictank dashboard to Graphite datasource
* Admin: Show name of user in users table view. [#18108]
* Alerting: Add configurable severity support for PagerDuty notifier. [#19425]
* Alerting: Add more information to webhook notifications. [#20420]
* Alerting: Add support for sending tags in OpsGenie notifier. [#20810]
* Alerting: Added fallbackText to Google Chat notifier. [#21464]
* Alerting: Adds support for sending a single email to all recipients in
email notifier. [#21091]
* Alerting: Enable setting of OpsGenie priority via a tag. [#21298]
* Alerting: Use fully qualified status emoji in Threema notifier. [#21305]
* Alerting: new min_interval_seconds option to enforce a minimum evaluation
frequency. [#21188]
* CloudWatch: Calculate period based on time range. [#21471]
* CloudWatch: Display partial result in graph when max DP/call limit is
reached. [#21533]
* CloudWatch: ECS/ContainerInsights metrics support. [#21125]
* CloudWatch: Upgrade aws-sdk-go. [#20510]
* DataLinks: allow using values from other fields in the same row (cells). [#21478]
* Editor: Ignore closing brace when it was added by editor. [#21172]
* Explore: Context tooltip to copy labels and values from graph. [#21405]
* Explore: Log message line wrapping options for logs. [#20360]
* Forms: introduce RadioButtonGroup. [#20828]
* Frontend: Changes in Redux location should not strip subpath from location
url. [#20161]
* Graph: Add fill gradient option to series override line fill. [#20941]
* Graphite: Add metrictank dashboard to Graphite datasource. [#20776]
* Graphite: Do not change query when opening the query editor and there is no
data. [#21588]
* Gravatar: Use HTTPS by default. [#20964]
* Loki: Support for template variable queries. [#20697]
* NewsPanel: Add news as a builtin panel. [#21128]
* OAuth: Removes send_client_credentials_via_post setting. [#20044]
* OpenTSDB: Adding lookup limit to OpenTSDB datasource settings. [#20647]
* Postgres/MySQL/MSSQL: Adds support for region annotations. [#20752]
* Prometheus: Field to specify step in Explore. [#20195]
* Prometheus: User metrics metadata to inform query hints. [#21304]
* Renderer: Add user-agent to remote rendering service requests. [#20956]
* Security: Add disabled option for cookie samesite attribute. [#21472]
* Stackdriver: Support meta labels. [#21373]
* TablePanel, GraphPanel: Exclude hidden columns from CSV. [#19925]
* Templating: Update variables on location changed. [#21480]
* Tracing: Support configuring Jaeger client from environment. [#21103]
* Units: Add currency and energy units. [#20428]
* Units: Support dynamic count and currency units. [#21279]
* grafana/toolkit: Add option to override webpack config. [#20872]
* grafana/ui: ConfirmModal component. [#20965]
* grafana/ui: Create Tabs component. [#21328]
* grafana/ui: New table component. [#20991]
* grafana/ui: New updated time picker. [#20931]
* White-labeling: Makes it possible to customize the footer and login
background (Enterprise)
* API: Optionally list expired API keys. [#20468]
* Alerting: Fix custom_details to be a JSON object instead of a string in
PagerDuty notifier. [#21150]
* Alerting: Fix image rendering and uploading timeout preventing to send
alert notifications. [#21536]
* Alerting: Fix panic in dingding notifier. [#20378]
* Alerting: Fix template query validation logic. [#20721]
* Alerting: If no permission to clear history, keep the historical data. [#19007]
* Alerting: Unpausing a non-paused alert rule should not change status to
Unknown. [#21375]
* Api: Fix returned message when enabling, disabling and deleting a
non-existing user. [#21391]
* Auth: Rotate auth tokens at the end of requests. [#21347]
* Azure Monitor: Fix error when using azure monitor credentials with log
analytics and non-default cloud. [#21032]
* CLI: Return error and aborts when plugin file extraction fails. [#20849]
* CloudWatch: Multi-valued template variable dimension alias fix. [#21541]
* Dashboard: Disable draggable panels on small devices. [#20629]
* DataLinks: Links with \${\_\_value.time} do not work when clicking on first
result. [#20019]
* Explore: Fix showing of results in selected timezone (UTC/local). [#20812]
* Explore: Fix timepicker when browsing back after switching datasource. [#21454]
* Explore: Sync timepicker and logs after live-tailing stops. [#20979]
* Graph: Fix when clicking a plot on a touch device we won't display the
annotation menu. [#21479]
* OAuth: Fix role mapping from id token. [#20300]
* Plugins: Add appSubUrl string to config pages. [#21414]
* Provisioning: Start provision dashboards after Grafana server have started. [#21564]
* Render: Use https as protocol when rendering if HTTP2 enabled. [#21600]
* Security: Use same cookie settings for all cookies. [#19787]
* Singlestat: Support empty value map texts. [#20952]
* Units: Custom suffix and prefix units can now be specified, for example
custom currency & SI & time formats. [#20763]
* grafana/ui: Do not build grafana/ui in strict mode as it depends on
non-strict libs. [#21319]
- Update to version 6.5.3
* API: Validate redirect_to cookie has valid (Grafana) url. [#21057]
* AdHocFilter: Shows SubMenu when filtering directly from table. [#21017]
* Cloudwatch: Fix crash when switching from cloudwatch data source. [#21376]
* DataLinks: Sanitize data/panel link URLs. [#21140]
* Elastic: Fix multiselect variable interpolation for logs. [#20894]
* Prometheus: allow user to change HTTP Method in config settings. [#21055]
* Prometheus: Prevents validation of inputs when clicking in them without
changing the value. [#21059]
* Rendering: Fix panel PNG rendering when using sub url and
serve_from_sub_path = true. [#21306]
* Table: Matches column names with unescaped regex characters. [#21164]
- Update to version 6.5.2
* Alerting: Improve alert threshold handle dragging behavior. [#20922]
* AngularPanels: Fix loading spinner being stuck in some rare cases. [#20878]
* CloudWatch: Fix query editor does not render in Explore. [#20909]
* CloudWatch: Remove illegal character escaping in inferred expressions. [#20915]
* CloudWatch: Remove template variable error message. [#20864]
* CloudWatch: Use datasource template variable in curated dashboards. [#20917]
* Elasticsearch: Set default port to 9200 in ConfigEditor. [#20948]
* Gauge/BarGauge: Added support for value mapping of 'no data'-state to
text/value. [#20842]
* Graph: Prevent tooltip from being displayed outside of window. [#20874]
* Graphite: Fix error with annotation metric queries. [#20857]
* Login: Fix fatal error when navigating from reset password page. [#20747]
* MixedDatasources: Do not filter out all mixed data sources in add mixed
query dropdown. [#20990]
* Prometheus: Fix caching for default labels request. [#20718]
* Prometheus: Run default labels query only once. [#20898]
* Security: Fix invite link still accessible after completion or revocation. [#20863]
* Server: Fail when unable to create log directory. [#20804]
* TeamPicker: Increase size limit from 10 to 100. [#20882]
* Units: Remove SI prefix symbol from new milli/microSievert(/h) units. [#20650]
- Update to version 6.5.1
* CloudWatch: Region template query fix. [#20661]
* CloudWatch: Fix annotations query editor loading. [#20687]
* Panel: Fix undefined services/dependencies in plugins without
`/@ngInject*/`. [#20696]
* Server: Fix failure to start with 'bind: address already in use' when using
socket as protocol. [#20679]
* Stats: Fix active admins/editors/viewers stats are counted more than once
if the user is part of more than one org. [#20711]
- Update to version 6.5.0
* CloudWatch: Add curated dashboards for most popular amazon services. [#20486]
* CloudWatch: Enable Min time interval. [#20260]
* Explore: UI improvements for log details. [#20485]
* Server: Improve grafana-server diagnostics configuration for profiling and
tracing. [#20593]
* BarGauge/Gauge: Add back missing title option field display options. [#20616]
* CloudWatch: Fix high CPU load. [#20579]
* CloudWatch: Fix high resolution mode without expression. [#20459]
* CloudWatch: Make sure period variable is being interpreted correctly. [#20447]
* CloudWatch: Remove HighResolution toggle since it's not being used. [#20440]
* Cloudwatch: Fix LaunchTime attribute tag bug. [#20237]
* Data links: Fix URL field turns read-only for graph panels. [#20381]
* Explore: Keep logQL filters when selecting labels in log row details. [#20570]
* MySQL: Fix TLS auth settings in config page. [#20501]
* Provisioning: Fix unmarshaling nested jsonData values. [#20399]
* Server: Should fail when server is unable to bind port. [#20409]
* Templating: Prevents crash when \$\_\_searchFilter is not a string. [#20526]
* TextPanel: Fix issue with template variable value not properly html
escaped [#20588]
* TimePicker: Should update after location change. [#20466]
* CloudWatch: use GetMetricsData API for all queries
* CloudWatch: The GetMetricData API does not return metric unit, so unit auto
detection in panels is no longer supported.
* CloudWatch: The `HighRes` switch has been removed from the query editor.
* API: Add `createdAt` and `updatedAt` to api/users/lookup. [#19496]
* API: Add createdAt field to /api/users/:id. [#19475]
* Admin: Adds setting to disable creating initial admin user. [#19505]
* Alerting: Include alert_state in Kafka notifier payload. [#20099]
* AuthProxy: Can now login with auth proxy and get a login token. [#20175]
* AuthProxy: replaces setting ldap_sync_ttl with sync_ttl. [#20191]
* AzureMonitor: Alerting for Azure Application Insights. [#19381]
* Build: Upgrade to Go 1.13. [#19502]
* CLI: Reduce memory usage for plugin installation. [#19639]
* CloudWatch: Add ap-east-1 to hard-coded region lists. [#19523]
* CloudWatch: ContainerInsights metrics support. [#18971]
* CloudWatch: Support dynamic queries using dimension wildcards [#20058]
* CloudWatch: Stop using GetMetricStatistics and use GetMetricData for all
time series requests [#20057]
* CloudWatch: Convert query editor from Angular to React [#19880]
* CloudWatch: Convert config editor from Angular to React [#19881]
* CloudWatch: Improved error handling when throttling occurs [#20348]
* CloudWatch: Deep linking from Grafana panel to CloudWatch console [#20279]
* CloudWatch: Add Grafana user agent to GMD calls [#20277]
* Dashboard: Allows the d-solo route to be used without slug. [#19640]
* Elasticsearch: Adds support for region annotations. [#17602]
* Explore: Add custom DataLinks on datasource level (like tracing links). [#20060]
* Explore: Add functionality to show/hide query row results. [#19794]
* Explore: Synchronise time ranges in split mode. [#19274]
* Explore: UI change for log row details . [#20034]
* Frontend: Migrate DataSource HTTP Settings to React. [#19452]
* Frontend: Show browser not supported notification. [#19904]
* Graph: Added series override option to have hidden series be persisted on
save. [#20124]
* Graphite: Add Metrictank option to settings to view Metrictank request
processing info in new inspect feature. [#20138]
* LDAP: Enable single user sync. [#19446]
* LDAP: Last org admin can login but wont be removed. [#20326]
* LDAP: Support env variable expressions in ldap.toml file. [#20173]
* OAuth: Generic OAuth role mapping support. [#17149]
* Prometheus: Custom query parameters string for Thanos downsampling. [#19121]
* Provisioning: Allow saving of provisioned dashboards. [#19820]
* Security: Minor XSS issue resolved by angularjs upgrade from 1.6.6 ->
1.6.9. [#19849]
* TablePanel: Prevents crash when data contains mixed data formats. [#20202]
* Templating: Introduces \$\_\_searchFilter to Query Variables. [#19858]
* Templating: Made default template variable query editor field a textarea
with automatic height. [#20288]
* Units: Add milli/microSievert, milli/microSievert/h and pixels. [#20144]
* Units: Added mega ampere and watt-hour per kg. [#19922]
* Enterprise: Enterprise without a license behaves like OSS (Enterprise)
* API: Added dashboardId and slug in response to dashboard import api. [#19692]
* API: Fix logging of dynamic listening port. [#19644]
* BarGauge: Fix so that default thresholds not keeps resetting. [#20190]
* CloudWatch: Fix incorrect casing of Redshift dimension entry for service
class and stage. [#19897]
* CloudWatch: Fixing AWS Kafka dimension names. [#19986]
* CloudWatch: Metric math broken when using multi template variables [#18337]
* CloudWatch: Graphs with multiple multi-value dimension variables don't work [#17949]
* CloudWatch: Variables' values surrounded with braces in request sent to AWS [#14451]
* CloudWatch: Cloudwatch Query for a list of instances for which data is
available in the selected time interval [#12784]
* CloudWatch: Dimension's positioning/order should be stored in the json
dashboard [#11062]
* CloudWatch: Batch CloudWatch API call support in backend [#7991]
* ColorPicker: Fix issue with ColorPicker disappearing too quickly. [#20289]
* Datasource: Add custom headers on alerting queries. [#19508]
plugins in alpine. [#20214]
* Elasticsearch: Fix template variables interpolation when redirecting to
Explore. [#20314]
* Elasticsearch: Support rendering in logs panel. [#20229]
* Explore: Expand template variables when redirecting from dashboard panel. [#19582]
* OAuth: Make the login button display name of custom OAuth provider. [#20209]
* ReactPanels: Adds Explore menu item. [#20236]
* Team Sync: Fix URL encode Group IDs for external team sync. [#20280]
- Update to version 6.4.5
* CloudWatch: Fix high CPU load [#20579]
- Update to version 6.4.4
* MySQL: Fix encoding in connection string [#20192]
* DataLinks: Fix blur issues. [#19883]
* LDAP: try all LDAP servers even if one returns a connection error. [#20077]
* LDAP: No longer shows incorrectly matching groups based on role in debug
page. [#20018]
* Singlestat: Fix no data / null value mapping . [#19951]
- Update to version 6.4.3
* Alerting: All notification channels should send even if one fails to send. [#19807]
* AzureMonitor: Fix slate interference with dropdowns. [#19799]
* ContextMenu: make ContextMenu positioning aware of the viewport width. [#19699]
* DataLinks: Fix context menu not showing in singlestat-ish visualisations. [#19809]
* DataLinks: Fix url field not releasing focus. [#19804]
* Datasource: Fix issue where clicking outside of some query editors required
2 clicks. [#19822]
* Panels: Fix default tab for visualizations without Queries Tab. [#19803]
* Singlestat: Fix issue with mapping null to text. [#19689]
* @grafana/toolkit: Don't fail plugin creation when git user.name config is
not set. [#19821]
* @grafana/toolkit: TSLint line number off by 1. [#19782]
- Update to version 6.4.2
* CloudWatch: Changes incorrect dimension wmlid to wlmid . [#19679]
* Grafana Image Renderer: Fix plugin page. [#19664]
* Graph: Fix auto decimals logic for y axis ticks that results in too many
decimals for high values. [#19618]
* Graph: Switching to series mode should re-render graph. [#19623]
* Loki: Fix autocomplete on label values. [#19579]
* Loki: Removes live option for logs panel. [#19533]
* Profile: Fix issue with user profile not showing more than sessions
sessions in some cases. [#19578]
* Prometheus: Always sort results in Panel by query order. [#19597]
* Show SAML login button if SAML is enabled. [#19591]
* SingleStat: Fix $__name postfix/prefix usage. [#19687]
* Table: Proper handling of json data with dataframes. [#19596]
* Units: Fix wrong id for Terabits/sec. [#19611]
- Update to version 6.4.1
* Provisioning: Fix issue where empty nested keys in YAML provisioning
caused server crash, [#19547]
- Update to version 6.4.0
* Build: Upgrade go to 1.12.10. [#19499]
* DataLinks: Suggestions menu improvements. [#19396]
* Explore: Take root_url setting into account when redirecting from dashboard
to explore. [#19447]
* Explore: Update broken link to logql docs. [#19510]
* Logs: Adds Logs Panel as a visualization. [#19504]
* Reporting: Generate and email PDF reports based on Dashboards (Enterprise)
* CLI: Fix version selection for plugin install. [#19498]
* Graph: Fix minor issue with series override color picker and custom color. [#19516]
* Splunk plugin needs to be updated when upgrading from 6.3 to 6.4
* Azure Monitor: Remove support for cross resource queries (#19115)'. [#19346]
* Graphite: Time range expansion reduced from 1 minute to 1 second. [#19246]
* grafana/toolkit: Add plugin creation task. [#19207]
* Alerting: Prevents creating alerts from unsupported queries. [#19250]
* Alerting: Truncate PagerDuty summary when greater than 1024 characters. [#18730]
* Cloudwatch: Fix autocomplete for Gamelift dimensions. [#19146]
* Dashboard: Fix export for sharing when panels use default data source. [#19315]
* Database: Rewrite system statistics query to perform better. [#19178]
* Gauge/BarGauge: Fix issue with [object Object] in titles . [#19217]
* MSSQL: Revert usage of new connectionstring format introduced by #18384. [#19203]
* Multi-LDAP: Do not fail-fast on invalid credentials. [#19261]
* MySQL, Postgres, MSSQL: Fix validating query with template variables in
alert. [#19237]
* MySQL, Postgres: Update raw sql when query builder updates. [#19209]
* MySQL: Limit datasource error details returned from the backend. [#19373]
* Reporting: Created scheduled PDF reports for any dashboard (Enterprise).
* API: Readonly datasources should not be created via the API. [#19006]
* Alerting: Include configured AlertRuleTags in Webhooks notifier. [#18233]
* Annotations: Add annotations support to Loki. [#18949]
* Annotations: Use a single row to represent a region. [#17673]
* Auth: Allow inviting existing users when login form is disabled. [#19048]
* Azure Monitor: Add support for cross resource queries. [#19115]
* CLI: Allow installing custom binary plugins. [#17551]
* Dashboard: Adds Logs Panel (alpha) as visualization option for Dashboards. [#18641]
* Dashboard: Reuse query results between panels . [#16660]
* Dashboard: Set time to to 23:59:59 when setting To time using calendar. [#18595]
* DataLinks: Add DataLinks support to Gauge, BarGauge and stat panel. [#18605]
* DataLinks: Enable access to labels & field names. [#18918]
* DataLinks: Enable multiple data links per panel. [#18434]
* Elasticsearch: allow templating queries to order by doc_count. [#18870]
* Explore: Add throttling when doing live queries. [#19085]
* Explore: Adds ability to go back to dashboard, optionally with query
changes. [#17982]
* Explore: Reduce default time range to last hour. [#18212]
* Gauge/BarGauge: Support decimals for min/max. [#18368]
* Graph: New series override transform constant that renders a single point
as a line across the whole graph. [#19102]
* Image rendering: Add deprecation warning when PhantomJS is used for
rendering images. [#18933]
* InfluxDB: Enable interpolation within ad-hoc filter values. [#18077]
* LDAP: Allow an user to be synchronized against LDAP. [#18976]
* Ldap: Add ldap debug page. [#18759]
* Loki: Remove prefetching of default label values. [#18213]
* Metrics: Add failed alert notifications metric. [#18089]
* OAuth: Support JMES path lookup when retrieving user email. [#14683]
* OAuth: return GitLab groups as a part of user info (enable team sync). [#18388]
* Panels: Add unit for electrical charge - ampere-hour. [#18950]
* Plugin: AzureMonitor - Reapply MetricNamespace support. [#17282]
* Plugins: better warning when plugins fail to load. [#18671]
* Postgres: Add support for scram sha 256 authentication. [#18397]
* RemoteCache: Support SSL with Redis. [#18511]
* SingleStat: The gauge option in now disabled/hidden (unless it's an old
panel with it already enabled) . [#18610]
* Stackdriver: Add extra alignment period options. [#18909]
* Units: Add South African Rand (ZAR) to currencies. [#18893]
* Units: Adding T,P,E,Z,and Y bytes. [#18706]
* Alerting: Notification is sent when state changes from no_data to ok. [#18920]
* Alerting: fix duplicate alert states when the alert fails to save to the
database. [#18216]
* Alerting: fix response popover prompt when add notification channels. [#18967]
* CloudWatch: Fix alerting for queries with Id (using GetMetricData). [#17899]
* Explore: Fix auto completion on label values for Loki. [#18988]
* Explore: Fix crash using back button with a zoomed in graph. [#19122]
* Explore: only run queries in Explore if Graph/Table is shown. [#19000]
* MSSQL: Change connectionstring to URL format to fix using passwords with
semicolon. [#18384]
* MSSQL: Fix memory leak when debug enabled. [#19049]
* Provisioning: Allow escaping literal '$' with '$\$' in configs to avoid
interpolation. [#18045]
* TimePicker: Fix hiding time picker dropdown in FireFox. [#19154]
* Various breaking changes in the annotations HTTP API for region annotations.
- Update to version 6.3.7
* CloudWatch: Fix high CPU load [#20579]
- Update to version 6.3.6
* Metrics: Adds setting for turning off total stats metrics. [#19142]
* Database: Rewrite system statistics query to perform better. [#19178]
* Explore: Fix error when switching from prometheus to loki data sources. [#18599]
- Update to version 6.3.5
* Dashboard: Fix dashboards init failed loading error for dashboards with
panel links that had missing properties. [#18786]
* Editor: Fix issue where only entire lines were being copied. [#18806]
* Explore: Fix query field layout in splitted view for Safari browsers. [#18654]
* LDAP: multildap + ldap integration. [#18588]
* Profile/UserAdmin: Fix for user agent parser crashes grafana-server on
32-bit builds. [#18788]
* Prometheus: Prevents panel editor crash when switching to Prometheus data
source. [#18616]
* Prometheus: Changes brace-insertion behavior to be less annoying. [#18698]
- Update to version 6.3.4
* Annotations: Fix failing annotation query when time series query is
cancelled. [#18532]
* Auth: Do not set SameSite cookie attribute if cookie_samesite is none. [#18462]
* DataLinks: Apply scoped variables to data links correctly. [#18454]
* DataLinks: Respect timezone when displaying datapoint's timestamp in graph
context menu. [#18461]
* DataLinks: Use datapoint timestamp correctly when interpolating variables. [#18459]
* Explore: Fix loading error for empty queries. [#18488]
* Graph: Fix legend issue clicking on series line icon and issue with
horizontal scrollbar being visible on windows. [#18563]
* Graphite: Avoid glob of single-value array variables . [#18420]
* Prometheus: Fix queries with label_replace remove the \$1 match when
loading query editor. [#18480]
* Prometheus: More consistently allows for multi-line queries in editor. [#18362]
* TimeSeries: Assume values are all numbers. [#18540]
- Update to version 6.3.2
* Gauge/BarGauge: Fix issue with lost thresholds and an issue loading Gauge
with avg stat. [#18375]
- Update to version 6.3.1
* PanelLinks: Fix crash issue with Gauge & Bar Gauge panels with panel links
(drill down links). [#18430]
- Update to version 6.3.0
* OAuth: Do not set SameSite OAuth cookie if cookie_samesite is None. [#18392]
* PanelLinks: Fix render issue when there is no panel description. [#18408]
* Auth Proxy: Include additional headers as part of the cache key. [#18298]
* OAuth: Fix 'missing saved state' OAuth login failure due to SameSite cookie
policy. [#18332]
* cli: fix for recognizing when in dev mode.. [#18334]
* Build grafana images consistently. [#18224]
* Docs: SAML. [#18069]
* Permissions: Show plugins in nav for non admin users but hide plugin
configuration. [#18234]
* TimePicker: Increase max height of quick range dropdown. [#18247]
* DataLinks: Fix incorrect interpolation of \${\_\_series_name} . [#18251]
* Loki: Display live tailed logs in correct order in Explore. [#18031]
* PhantomJS: Fix rendering on Debian Buster. [#18162]
* TimePicker: Fix style issue for custom range popover. [#18244]
* Timerange: Fix a bug where custom time ranges didn't respect UTC. [#18248]
* remote_cache: Fix redis connstr parsing. [#18204]
* Alerting: Add tags to alert rules. [#10989]
* Alerting: Attempt to send email notifications to all given email addresses. [#16881]
* Alerting: Improve alert rule testing. [#16286]
* Alerting: Support for configuring content field for Discord alert notifier. [#17017]
* Alertmanager: Replace illegal chars with underscore in label names. [#17002]
* Auth: Allow expiration of API keys. [#17678]
* Auth: Return device, os and browser when listing user auth tokens in HTTP
API. [#17504]
* Auth: Support list and revoke of user auth tokens in UI. [#17434]
* AzureMonitor: change clashing built-in Grafana variables/macro names for
Azure Logs. [#17140]
* CloudWatch: Made region visible for AWS Cloudwatch Expressions. [#17243]
* Cloudwatch: Add AWS DocDB metrics. [#17241]
* Dashboard: Use timezone dashboard setting when exporting to CSV. [#18002]
* Data links. [#17267]
* Elasticsearch: Support for visualizing logs in Explore . [#17605]
* Explore: Adds Live option for supported data sources. [#17062]
* Explore: Adds orgId to URL for sharing purposes. [#17895]
* Explore: Adds support for new loki 'start' and 'end' params for labels
endpoint. [#17512]
* Explore: Adds support for toggling raw query mode in explore. [#17870]
* Explore: Allow switching between metrics and logs . [#16959]
* Explore: Combines the timestamp and local time columns into one. [#17775]
* Explore: Display log lines context . [#17097]
* Explore: Don't parse log levels if provided by field or label. [#17180]
* Explore: Improves performance of Logs element by limiting re-rendering. [#17685]
* Explore: Support for new LogQL filtering syntax. [#16674]
* Explore: Use new TimePicker from Grafana/UI. [#17793]
* Explore: handle newlines in LogRow Highlighter. [#17425]
* Graph: Added new fill gradient option. [#17528]
* GraphPanel: Don't sort series when legend table & sort column is not
visible. [#17095]
* InfluxDB: Support for visualizing logs in Explore. [#17450]
* Logging: Login and Logout actions (#17760). [#17883]
* Logging: Move log package to pkg/infra. [#17023]
* Metrics: Expose stats about roles as metrics. [#17469]
* MySQL/Postgres/MSSQL: Add parsing for day, weeks and year intervals in
macros. [#13086]
* MySQL: Add support for periodically reloading client certs. [#14892]
* Plugins: replace dataFormats list with skipDataQuery flag in plugin.json. [#16984]
* Prometheus: Take timezone into account for step alignment. [#17477]
* Prometheus: Use overridden panel range for \$\_\_range instead of dashboard
range. [#17352]
* Prometheus: added time range filter to series labels query. [#16851]
* Provisioning: Support folder that doesn't exist yet in dashboard
provisioning. [#17407]
* Refresh picker: Handle empty intervals. [#17585]
* Singlestat: Add y min/max config to singlestat sparklines. [#17527]
* Snapshot: use given key and deleteKey. [#16876]
* Templating: Correctly display __text in multi-value variable after page
reload. [#17840]
* Templating: Support selecting all filtered values of a multi-value
variable. [#16873]
* Tracing: allow propagation with Zipkin headers. [#17009]
* Users: Disable users removed from LDAP. [#16820]
* SAML: Add SAML as an authentication option (Enterprise)
* AddPanel: Fix issue when removing moved add panel widget . [#17659]
* CLI: Fix encrypt-datasource-passwords fails with sql error. [#18014]
* Elasticsearch: Fix default max concurrent shard requests. [#17770]
* Explore: Fix browsing back to dashboard panel. [#17061]
* Explore: Fix filter by series level in logs graph. [#17798]
* Explore: Fix issues when loading and both graph/table are collapsed. [#17113]
* Explore: Fix selection/copy of log lines. [#17121]
* Fix: Wrap value of multi variable in array when coming from URL. [#16992]
* Frontend: Fix for Json tree component not working. [#17608]
* Graphite: Fix for issue with alias function being moved last. [#17791]
* Graphite: Fix issue with seriesByTag & function with variable param. [#17795]
* Graphite: use POST for /metrics/find requests. [#17814]
* HTTP Server: Serve Grafana with a custom URL path prefix. [#17048]
* InfluxDB: Fix single quotes are not escaped in label value filters. [#17398]
* Prometheus: Correctly escape '|' literals in interpolated PromQL variables. [#16932]
* Prometheus: Fix when adding label for metrics which contains colons in
Explore. [#16760]
* SinglestatPanel: Remove background color when value turns null. [#17552]
- Update to version 6.2.5
* Grafana-CLI: Wrapper for `grafana-cli` within RPM/DEB packages and
config/homepath are now global flags. [#17695]
* Panel: Fully escape html in drilldown links (was only sanitized before). [#17731]
* Config: Fix connectionstring for remote_cache in defaults.ini. [#17675]
* Elasticsearch: Fix empty query (via template variable) should be sent as
wildcard. [#17488]
* HTTP-Server: Fix Strict-Transport-Security header. [#17644]
* TablePanel: fix annotations display. [#17646]
- Update to version 6.2.4
* Grafana-CLI: Fix receiving flags via command line . [#17617]
* HTTPServer: Fix X-XSS-Protection header formatting. [#17620]
- Update to version 6.2.3
* AuthProxy: Optimistic lock pattern for remote cache Set. [#17485]
* HTTPServer: Options for returning new headers X-Content-Type-Options,
X-XSS-Protection and Strict-Transport-Security. [#17522]
* Auth Proxy: Fix non-negative cache TTL. [#17495]
* Grafana-CLI: Fix receiving configuration flags from the command line. [#17606]
* OAuth: Fix for wrong user token updated on OAuth refresh in DS proxy. [#17541]
* remote_cache: Fix redis. [#17483]
- Update to version 6.2.2
* Security: Prevent CSV formula injection attack when exporting data. [#17363]
* CloudWatch: Fix error when hiding/disabling queries. [#17283]
* Database: Fix slow permission query in folder/dashboard search. [#17427]
* Explore: Fix updating time range before running queries. [#17349]
* Plugins: Fix plugin config page navigation when using subpath. [#17364]
- Update to version 6.2.1
* CLI: Add command to migrate all data sources to use encrypted password fields . [#17118]
* Gauge/BarGauge: Improvements to auto value font size . [#17292]
* Auth Proxy: Resolve database is locked errors. [#17274]
* Database: Retry transaction if sqlite returns database is locked error. [#17276]
* Explore: Fix filtering query by clicked value when a Prometheus Table is
clicked. [#17083]
* Singlestat: Fix issue with value placement and line wraps. [#17249]
* Tech: Update jQuery to 3.4.1 to fix issue on iOS 10 based browsers as well
as Chrome 53.x. [#17290]
- Update to version 6.2.0
* BarGauge: Fix for negative min values. [#17192]
* Gauge/BarGauge: Fix for issues editing min & max options. [#17174]
* Search: Make only folder name only open search with current folder filter. [#17226]
* AzureMonitor: Revert to clearing chained dropdowns. [#17212]
* Data source plugins that process hidden queries need to add a
'hiddenQueries: true' attribute in plugin.json. [#17124]
* Plugins: Support templated urls in plugin routes. [#16599]
* Packaging: New MSI windows installer package\*\*. [#17073]
* Dashboard: Fix blank dashboard after window resize with panel without
title. [#16942]
* Dashboard: Fix lazy loading & expanding collapsed rows on mobile. [#17055]
* Dashboard: Fix scrolling issues for Edge browser. [#17033]
* Dashboard: Show refresh button in first kiosk(tv) mode. [#17032]
* Explore: Fix empty result from data source should render logs container. [#16999]
* Explore: Filter query by clicked value when clicking in a Prometheus Table [#17083]
* Explore: Makes it possible to zoom in Explore/Loki/Graph without exception. [#16991]
* Gauge: Fix orientation issue after switching from BarGauge to Gauge. [#17064]
* GettingStarted: Fix layout issues in getting started panel. [#16941]
* InfluxDB: Fix HTTP method should default to GET. [#16949]
* Panels: Fix alert icon position in panel header. [#17070]
* Panels: Fix panel error tooltip not showing. [#16993]
* Plugins: Fix how datemath utils are exposed to plugins. [#16976]
* Singlestat: fixed centering issue for very small panels. [#16944]
* Search: Scroll issue in dashboard search in latest Chrome. [#17054]
* Gauge: Adds background shade to gauge track and improves height usage. [#17019]
* RemoteCache: Avoid race condition in Set causing error on insert. . [#17082]
* Admin: Add more stats about roles. [#16667]
* Alert list panel: Support variables in filters. [#16892]
* Alerting: Adjust label for send on all alerts to default . [#16554]
* Alerting: Makes timeouts and retries configurable. [#16259]
* Alerting: No notification when going from no data to pending. [#16905]
* Alerting: Pushover alert, support for different sound for OK. [#16525]
* Auth: Enable retries and transaction for some db calls for auth tokens. [#16785]
* AzureMonitor: Adds support for multiple subscriptions per data source. [#16922]
* Bar Gauge: New multi series enabled gauge like panel with horizontal and
vertical layouts and 3 display modes. [#16918]
* Build: Upgrades to golang 1.12.4. [#16545]
* CloudWatch: Update AWS/IoT metric and dimensions. [#16337]
* Config: Show user-friendly error message instead of stack trace. [#16564]
* Dashboard: Enable filtering dashboards in search by current folder. [#16790]
* Dashboard: Lazy load out of view panels . [#15554]
* DataProxy: Restore Set-Cookie header after proxy request. [#16838]
* Data Sources: Add pattern validation for time input on data source config
pages. [#16837]
* Elasticsearch: Add 7.x version support. [#16646]
* Explore: Adds reconnect for failing data source. [#16226]
* Explore: Support user timezone. [#16469]
* InfluxDB: Add support for POST HTTP verb. [#16690]
* Loki: Search is now case insensitive. [#15948]
* OAuth: Update jwt regexp to include `=`. [#16521]
* Panels: No title will no longer make panel header take up space. [#16884]
* Prometheus: Adds tracing headers for Prometheus datasource. [#16724]
* Provisioning: Add API endpoint to reload provisioning configs. [#16579]
* Provisioning: Do not allow deletion of provisioned dashboards. [#16211]
* Provisioning: Interpolate env vars in provisioning files. [#16499]
* Provisioning: Support FolderUid in Dashboard Provisioning Config. [#16559]
* Security: Add new setting allow_embedding. [#16853]
* Security: Store data source passwords encrypted in secureJsonData. [#16175]
* UX: Improve Grafana usage for smaller screens. [#16783]
* Units: Add angle units, Arc Minutes and Seconds. [#16271]
* CloudWatch: Fix query order not affecting series ordering & color. [#16408]
* CloudWatch: Use default alias if there is no alias for metrics. [#16732]
* Config: Fix bug where timeouts for alerting was not parsed correctly. [#16784]
* Elasticsearch: Fix view percentiles metric in table without date histogram. [#15686]
* Explore: Prevents histogram loading from killing Prometheus instance. [#16768]
* Graph: Allow override decimals to fully override. [#16414]
* Mixed Data Source: Fix error when one query is disabled. [#16409]
* Search: Fix search limits and add a page parameter. [#16458]
* Security: Responses from backend should not be cached. [#16848]
* Gauge Panel: The suffix / prefix options have been removed from the new
Gauge Panel (introduced in v6.0). [#16870]
- Update to version 6.1.6
* Security: Bump jQuery to 3.4.0 . [#16761]
* Playlist: Fix loading dashboards by tag. [#16727]
- Update to version 6.1.4
* DataPanel: Added missing built-in interval variables to scopedVars. [#16556]
* Explore: Adds maxDataPoints to data source query options . [#16513]
* Explore: Recalculate intervals on run query. [#16510]
* Heatmap: Fix for empty graph when panel is too narrow (#16378). [#16460]
* Heatmap: Fix auto decimals when bucket name is not number. [#16609]
* QueryInspector: Now shows error responses again. [#16514]
- Update to version 6.1.3
* Graph: Fix auto decimals in legend values for some units like `ms` and
`s`. [#16455]
* Graph: Fix png rendering with legend to the right. [#16463]
* Singlestat: Use decimals when manually specified. [#16451]
* Fix broken UI switches: Default Data Source switch, Explore Logs switches,
Gauge option switches. [#16303]
- Update to version 6.1.2
* Graph: Fix series legend color for hidden series. [#16438]
* Graph: Fix tooltip highlight on white theme. [#16429]
* Styles: Fix menu hover highlight border. [#16431]
* Singlestat Panel: Correctly use the override decimals. [#16413]
- Update to version 6.1.1
* Graphite: Editing graphite query function now works again. [#16390]
* Playlist: Kiosk & auto fit panels modes are working normally again . [#16403]
* QueryEditors: Toggle edit mode now always work on slower computers. [#16394]
- Update to version 6.1.0
* CloudWatch: Fix for dimension value list when changing dimension key. [#16356]
* Graphite: Editing function arguments now works again. [#16297]
* InfluxDB: Fix tag names with periods in alert evaluation. [#16255]
* PngRendering: Fix for panel height & title centering . [#16351]
* Templating: Fix for editing query variables. [#16299]
* Prometheus: adhoc filter support [#8253]
* Permissions: Editors can become admin for dashboards, folders and teams
they create. [#15977]
* Alerting: Don't include non-existing image in MS Teams notifications. [#16116]
* Api: Invalid org invite code [#10506]
* Annotations: Fix for native annotations filtered by template variable with
pipe. [#15515]
* Dashboard: Fix for time regions spanning across midnight. [#16201]
* Data Source: Handles nil jsondata field gracefully [#14239]
* Data Source: Empty user/password was not updated when updating data sources [#15608]
* Elasticsearch: Fix using template variables in the alias field. [#16229]
* Elasticsearch: Fix incorrect index pattern padding in alerting queries. [#15892]
* Explore: Fix for Prometheus autocomplete not working in Firefox. [#16192]
* Explore: Fix for url does not keep query after browser refresh. [#16189]
* Gauge: Interpolate scoped variables in repeated gauges [#15739]
* Graphite: Fix issue with using series ref and series by tag. [#16111]
* Graphite: Fix variable quoting when variable value is numeric. [#16149]
* Heatmap: Fix Y-axis tick labels being in wrong order for some Prometheus
queries. [#15932]
* Heatmap: Negative values are now displayed correctly in graph & legend. [#15953]
* Heatmap: legend shows wrong colors for small values [#14019]
* InfluxDB: Always close request body even for error status codes. [#16207]
* ManageDashboards: Fix for checkboxes not appearing properly Firefox . [#15981]
* Playlist: Leaving playlist now always stops playlist . [#15791]
* Prometheus: fixes regex ad-hoc filters variables with wildcards. [#16234]
* TablePanel: Column color style now works even after removing columns. [#16227]
* TablePanel: Fix for white text on white background when value is null. [#16199]
- Update to version 6.0.2
* Alerting: Fix issue with AlertList panel links resulting in panel not
found errors. [#15975]
* Dashboard: Improved error handling when rendering dashboard panels. [#15970]
* LDAP: Fix allow anonymous server bind for ldap search. [#15872]
* Discord: Fix discord notifier so it doesn't crash when there are no image
generated. [#15833]
* Panel Edit: Prevent search in VizPicker from stealing focus. [#15802]
* Data Source admin: Fix url of back button in data source edit page, when
root_url configured. [#15759]
- Update to version 6.0.1
* Metrics: Fix broken usagestats metrics for /metrics [#15651]
* Dashboard: append &kiosk to the url in Kiosk mode [#15765]
* Dashboard: respect header in kiosk=tv mode with autofitpanels [#15650]
* Image rendering: Fix image rendering issue for dashboards with auto
refresh. [#15818]
* Dashboard: Fix only users that can edit a dashboard should be able to
update panel json. [#15805]
* LDAP: fix allow anonymous initial bind for ldap search. [#15803]
* UX: ixed scrollbar not visible initially (only after manual scroll). [#15798]
* Data Source admin TestData [#15793]
* Dashboard: Fix scrolling issue that caused scroll to be locked to bottom. [#15792]
* Explore: Viewers with viewers_can_edit should be able to access /explore. [#15787]
* Security fix: limit access to org admin and alerting pages. [#15761]
* Panel Edit minInterval changes did not persist [#15757]
* Teams: Fix bug when getting teams for user. [#15595]
* Stackdriver: fix for float64 bounds for distribution metrics [#14509]
* Stackdriver: no reducers available for distribution type [#15179]
- Update to version 6.0.0
* Dashboard: fixes click after scroll in series override menu [#15621]
* MySQL: fix mysql query using \_interval_ms variable throws error [#14507]
* Influxdb: Add support for alerting on InfluxDB queries that use the
non_negative_difference function [#15415]
* Alerting: Fix percent_diff calculation when points are nulls [#15443]
* Alerting: Fix handling of alert urls with true flags [#15454]
* AzureMonitor: Enable alerting by converting Azure Monitor API to Go [#14623]
* Security: Fix CSRF Token validation for POSTs [#1441]
* Internal Metrics Edition has been added to the build_info metric. This will
break any Graphite queries using this metric. Edition will be a new label
for the Prometheus metric. [#15363]
* Gauge: Fix issue with gauge requests being cancelled [#15366]
* Gauge: Accept decimal inputs for thresholds [#15372]
* UI: Fix error caused by named colors that are not part of named colors
palette [#15373]
* Search: Bug pressing special regexp chars in input fields [#12972]
* Permissions: No need to have edit permissions to be able to 'Save as' [#13066]
* Alerting: Adds support for Google Hangouts Chat notifications [#11221]
* Elasticsearch: Support bucket script pipeline aggregations [#5968]
* Influxdb: Add support for time zone (`tz`) clause [#10322]
* Snapshots: Enable deletion of public snapshot [#14109]
* Provisioning: Provisioning support for alert notifiers [#10487]
* Explore: A whole new way to do ad-hoc metric queries and exploration. Split
view in half and compare metrics & logs.
* Auth: Replace remember me cookie solution for Grafana's builtin, LDAP and
OAuth authentication with a solution based on short-lived tokens [#15303]
* Search: Fix for issue with scrolling the 'tags filter' dropdown, fixes [#14486]
* Prometheus: fix annotation always using 60s step regardless of
dashboard range [#14795]
* Annotations: Fix creating annotation when graph panel has no data points
position the popup outside viewport [#13765]
* Piechart/Flot: Fix multiple piechart instances with donut bug [#15062]
* Postgres: Fix default port not added when port not configured [#15189]
* Alerting: Fix crash bug when alert notifier folders are missing [#15295]
* Dashboard: Fix save provisioned dashboard modal [#15219]
* Dashboard: Fix having a long query in prometheus dashboard query editor
* blocks 30% of the query field when on OSX and having native scrollbars
[#15122]
* Explore: Fix issue with wrapping on long queries [#15222]
* Explore: Fix cut & paste adds newline before and after selection [#15223]
* Dataproxy: Fix global data source proxy timeout not added to correct http
client [#15258]
* Text Panel: The text panel does no longer by default allow unsanitized
HTML. [#4117]
* Dashboard: Panel property `minSpan` replaced by `maxPerRow`. Dashboard
* migration will automatically migrate all dashboard panels using the
`minSpan` property to the new `maxPerRow` property [#12991]
- Update to version 5.4.3
* MySQL only update session in mysql database when required [#14540]
* Alerting Invalid frequency causes division by zero in alert scheduler [#14810]
* Dashboard Dashboard links do not update when time range changes [#14493]
* Limits Support more than 1000 data sources per org [#13883]
* Backend fix signed in user for orgId=0 result should return active org id [#14574]
* Provisioning Adds orgId to user dto for provisioned dashboards [#14678]
- Update to version 5.4.2
* Data Source admin: Fix for issue creating new data source when same name
exists [#14467]
* OAuth: Fix for oauth auto login setting, can now be set using env variable [#14435]
- Update to version 5.4.1
* Stackdriver: Fix issue with data proxy and Authorization header [#14262]
* Units: fixedUnit for Flow:l/min and mL/min [#14294]
* Logging: Fix for issue where data proxy logged a secret when debug logging
was enabled, now redacted. [#14319]
* TSDB: Fix always take dashboard timezone into consideration when handle
custom time ranges: Add support for alerting on InfluxDB queries that use
the cumulative_sum function. [#14314]
* Embedded Graphs: Iframe graph panels should now work as usual. [#14284]
* Postgres: Improve PostgreSQL Query Editor if using different Schemas, [#14313]
* Quotas: Fix updating org & user quotas. [#14347]
* Cloudwatch: Add the AWS/SES Cloudwatch metrics of BounceRate and
ComplaintRate to auto complete list. [#14401]
* Dashboard Search: Fix filtering by tag issues.
* Graph: Fix time region issues, [#14425]
- Update to version 5.4.0
* Cloudwatch: Fix invalid time range causes segmentation fault [#14150]
* Cloudwatch: AWS/CodeBuild metrics and dimensions [#14167]
* MySQL: Fix `$__timeFrom()` and `$__timeTo()` should respect local time zone [#14228]
* Graph: Fix legend always visible even if configured to be hidden [#14144]
* Elasticsearch: Fix regression when using data source version 6.0+ and
alerting [#14175]
* Alerting: Introduce alert debouncing with the `FOR` setting. [#7886]
* Alerting: Option to disable OK alert notifications [#12330]
* Postgres/MySQL/MSSQL: Adds support for configuration of max open/idle
connections and connection max lifetime. Also, panels with multiple SQL
queries will now be executed concurrently [#11711]
* MySQL: Graphical query builder [#13762]
* MySQL: Support connecting thru Unix socket for MySQL data source [#12342]
* MSSQL: Add encrypt setting to allow configuration of how data sent between
client and server are encrypted [#13629]
* Stackdriver: Not possible to authenticate using GCE metadata server [#13669]
* Teams: Team preferences (theme, home dashboard, timezone) support [#12550]
* Graph: Time regions support enabling highlight of weekdays and/or certain
timespans [#5930]
* OAuth: Automatic redirect to sign-in with OAuth [#11893]
* Stackdriver: Template query editor [#13561]
* Security: Upgrade macaron session package to fix security issue. [#14043]
* Postgres/MySQL/MSSQL data sources now per default uses `max open
connections` = `unlimited` (earlier 10), `max idle connections` = `2`
(earlier 10) and `connection max lifetime` = `4` hours (earlier unlimited).
- Update to version 5.3.4
* Alerting: Delete alerts when parent folder was deleted [#13322]
* MySQL: Fix `$__timeFilter()` should respect local time zone [#13769]
* Dashboard: Fix data source selection in panel by enter key [#13932]
* Graph: Fix table legend height when positioned below graph and using
Internet Explorer 11 [#13903]
* Dataproxy: Drop origin and referer http headers [#13328]
- Update to version 5.3.3
* Fix file exfiltration vulnerability
- Update to version 5.3.2
* InfluxDB/Graphite/Postgres: Prevent XSS in query editor [#13667]
* Postgres: Fix template variables error [#13692]
* Cloudwatch: Fix service panic because of race conditions [#13674]
* Cloudwatch: Fix check for invalid percentile statistics [#13633]
* Stackdriver/Cloudwatch: Allow user to change unit in graph panel if
cloudwatch/stackdriver data source response doesn't include unit [#13718]
* Stackdriver: stackdriver user-metrics duplicated response when multiple
resource types [#13691]
* Variables: Fix text box template variable doesn't work properly without a
default value [#13666]
* Variables: Fix variable dependency check when using `${var}` format [#13600]
* Dashboard: Fix kiosk=1 url parameter should put dashboard in kiosk mode [#13764]
* LDAP: Fix super admins can also be admins of orgs [#13710]
* Provisioning: Fix deleting provisioned dashboard folder should cleanup
provisioning meta data [#13280]
- Update to version 5.3.1
* Render: Fix PhantomJS render of graph panel when legend displayed as table
to the right [#13616]
* Stackdriver: Filter option disappears after removing initial filter [#13607]
* Elasticsearch: Fix no limit size in terms aggregation for alerting queries [#13172]
* InfluxDB: Fix for annotation issue that caused text to be shown twice [#13553]
* Variables: Fix nesting variables leads to exception and missing refresh [#13628]
* Variables: Prometheus: Single letter labels are not supported [#13641]
* Graph: Fix graph time formatting for Last 24h ranges [#13650]
* Playlist: Fix cannot add dashboards with long names to playlist [#13464]
* HTTP API: Fix /api/org/users so that query and limit querystrings works
- Update to version 5.3.0
* Stackdriver: Filter wildcards and regex matching are not yet supported [#13495]
* Stackdriver: Support the distribution metric type for heatmaps [#13559]
* Cloudwatch: Automatically set graph yaxis unit [#13575]
* Stackdriver: Fix for missing ngInject [#13511]
* Permissions: Fix for broken permissions selector [#13507]
* Alerting: Alert reminders deduping not working as expected when running
multiple Grafana instances [#13492]
* Annotations: Enable template variables in tagged annotations queries [#9735]
* Stackdriver: Support for Google Stackdriver data source [#13289]
* Alerting: Notification reminders [#7330]
* Dashboard: TV & Kiosk mode changes, new cycle view mode button in dashboard
toolbar [#13025]
* OAuth: Gitlab OAuth with support for filter by groups [#5623]
* Postgres: Graphical query builder [#10095]
* LDAP: Define Grafana Admin permission in ldap group mappings [#2469]
* LDAP: Client certificates support [#12805]
* Profile: List teams that the user is member of in current/active
organization [#12476]
* Configuration: Allow auto-assigning users to specific organization (other
than Main. Org) [#1823]
* Dataproxy: Pass configured/auth headers to a data source [#10971]
* CloudWatch: GetMetricData support [#11487]
* Postgres: TimescaleDB support, e.g. use `time_bucket` for grouping by time
when option enabled [#12680]
* Cleanup: Make temp file time to live configurable [#11607]
* Postgres data source no longer automatically adds time column alias when
using the $__timeGroup alias.
* Kiosk mode now also hides submenu (variables)
* ?inactive url parameter no longer supported, replaced with kiosk=tv url parameter
* Dashboard: Auto fit dashboard panels to optimize space used for current TV
or Monitor [#12768]
* Frontend: Convert all Frontend Karma tests to Jest tests [#12224]
* Backend: Upgrade to golang 1.11 [#13030]
- Update to version 5.2.4
* GrafanaCli: Fix issue with grafana-cli install plugin resulting in
corrupt http response from source error. [#13079]
- Update to version 5.2.3
* Important fix for LDAP & OAuth login vulnerability
- Update to version 5.2.2
* Prometheus: Fix graph panel bar width issue in aligned prometheus queries [#12379]
* Dashboard: Dashboard links not updated when changing variables [#12506]
* Postgres/MySQL/MSSQL: Fix connection leak [#12636]
* Plugins: Fix loading of external plugins [#12551]
* Dashboard: Remove unwanted scrollbars in embedded panels [#12589]
* Prometheus: Prevent error using \$\_\_interval_ms in query [#12533]
- Update to version 5.2.1
* Auth Proxy: Important security fix for whitelist of IP address feature [#12444]
* UI: Fix - Grafana footer overlapping page [#12430]
* Logging: Errors should be reported before crashing [#12438]
- Update to version 5.2.0
* Plugins: Handle errors correctly when loading data source plugin [#12383]
* Render: Enhance error message if phantomjs executable is not found [#11868]
* Dashboard: Set correct text in drop down when variable is present in url [#11968]
* LDAP: Handle 'dn' ldap attribute more gracefully [#12385]
* Dashboard: Import dashboard to folder [#10796]
* Permissions: Important security fix for API keys with viewer role [#12343]
* Dashboard: Fix so panel titles doesn't wrap [#11074]
* Dashboard: Prevent double-click when saving dashboard [#11963]
* Dashboard: AutoFocus the add-panel search filter [#12189]
* Units: W/m2 (energy), l/h (flow) and kPa (pressure) [#11233]
* Units: Liter/min (flow) and milliLiter/min (flow) [#12282]
* Alerting: Fix mobile notifications for Microsoft Teams alert notifier [#11484]
* Influxdb: Add support for mode function [#12286]
* Cloudwatch: Fix panic caused by bad timerange settings [#12199]
* Auth Proxy: Whitelist proxy IP address instead of client IP address [#10707]
* User Management: Make sure that a user always has a current org assigned [#11076]
* Snapshots: Fix: annotations not properly extracted leading to incorrect
rendering of annotations [#12278]
* LDAP: Allow use of DN in group_search_filter_user_attribute and member_of [#3132]
* Graph: Fix legend decimals precision calculation [#11792]
* Dashboard: Make sure to process panels in collapsed rows when exporting
dashboard [#12256]
* Dashboard: Dashboard link doesn't work when 'As dropdown' option is checked [#12315]
* Dashboard: Fix regressions after save modal changes, including adhoc
template issues [#12240]
* Elasticsearch: Alerting support [#5893]
* Build: Crosscompile and packages Grafana on arm, windows, linux and darwin [#11920]
* Login: Change admin password after first login [#11882]
* Alert list panel: Updated to support filtering alerts by name, dashboard
title, folder, tags [#11500]
* Dashboard: Modified time range and variables are now not saved by default [#10748]
* Graph: Show invisible highest value bucket in histogram [#11498]
* Dashboard: Enable 'Save As...' if user has edit permission [#11625]
* Prometheus: Query dates are now step-aligned [#10434]
* Prometheus: Table columns order now changes when rearrange queries [#11690]
* Variables: Fix variable interpolation when using multiple formatting types [#11800]
* Dashboard: Fix date selector styling for dark/light theme in time picker
control [#11616]
* Discord: Alert notification channel type for Discord, [#7964]
* InfluxDB: Support SELECT queries in templating query, [#5013]
* InfluxDB: Support count distinct aggregation [#11645]
* Dashboard: JSON Model under dashboard settings can now be updated & changes
saved. [#1429]
* Security: Fix XSS vulnerabilities in dashboard links [#11813]
* Singlestat: Fix 'time of last point' shows local time when dashboard
timezone set to UTC [#10338]
* Prometheus: Add support for passing timeout parameter to Prometheus [#11788]
* Login: Add optional option sign out url for generic oauth [#9847]
* Login: Use proxy server from environment variable if available [#9703]
* Invite users: Friendlier error message when smtp is not configured [#12087]
* Graphite: Don't send distributed tracing headers when using direct/browser
access mode [#11494]
* Sidenav: Show create dashboard link for viewers if at least editor in one
folder [#11858]
* SQL: Second epochs are now correctly converted to ms. [#12085]
* Singlestat: Fix singlestat threshold tooltip [#11971]
* Dashboard: Hide grid controls in fullscreen/low-activity views [#11771]
* Dashboard: Validate uid when importing dashboards [#11515]
* Alert list panel: Show alerts for user with viewer role [#11167]
* Provisioning: Verify checksum of dashboards before updating to reduce load
on database [#11670]
* Provisioning: Support symlinked files in dashboard provisioning config
files [#11958]
* Dashboard list panel: Search dashboards by folder [#11525]
* Sidenav: Always show server admin link in sidenav if grafana admin [#11657]
- Update to version 5.1.4
* Permissions: Important security fix for API keys with viewer role [#12343]
- Update to version 5.1.3
* Scroll: Graph panel / legend texts shifts on the left each time we move
scrollbar on firefox [#11830]
- Update to version 5.1.2
* Database: Fix MySql migration issue [#11862]
* Google Analytics: Enable Google Analytics anonymizeIP setting for GDPR [#11656]
- Update to version 5.1.1
* LDAP: LDAP login with MariaDB/MySQL database and dn>100 chars not possible [#11754]
* Build: AppVeyor Windows build missing version and commit info [#11758]
* Scroll: Scroll can't start in graphs on Chrome mobile [#11710]
* Units: Revert renaming of unit key ppm [#11743]
- Update to version 5.1.0
* Folders: Default permissions on folder are not shown as inherited in its
dashboards [#11668]
* Templating: Allow more than 20 previews when creating a variable [#11508]
* Dashboard: Row edit icon not shown [#11466]
* SQL: Unsupported data types for value column using time series query [#11703]
* Prometheus: Prometheus query inspector expands to be very large on
autocomplete queries [#11673]
* MSSQL: New Microsoft SQL Server data source [#10093]
* Prometheus: The heatmap panel now support Prometheus histograms [#10009]
* Postgres/MySQL: Ability to insert 0s or nulls for missing intervals [#9487]
* Postgres/MySQL/MSSQL: Fix precision for the time column in table mode [#11306]
* Graph: Align left and right Y-axes to one level [#1271]
* Graph: Thresholds for Right Y axis [#7107]
* Graph: Support multiple series stacking in histogram mode [#8151]
* Alerting: Pausing/un alerts now updates new_state_date [#10942]
* Alerting: Support Pagerduty notification channel using Pagerduty V2 API [#10531]
* Templating: Add comma templating format [#10632]
* Prometheus: Show template variable candidate in query editor [#9210]
* Prometheus: Support POST for query and query_range [#9859]
* Alerting: Add support for retries on alert queries [#5855]
* Table: Table plugin value mappings [#7119]
* IE11: IE 11 compatibility [#11165]
* Scrolling: Better scrolling experience [#11053]
* Folders: A folder admin cannot add user/team permissions for folder/its
dashboards [#11173]
* Provisioning: Improved workflow for provisioned dashboards [#10883]
* OpsGenie: Add triggered alerts as description [#11046]
* Cloudwatch: Support high resolution metrics [#10925]
* Cloudwatch: Add dimension filtering to CloudWatch `dimension_values()` [#10029]
* Units: Second to HH:mm:ss formatter [#11107]
* Singlestat: Add color to prefix and postfix in singlestat panel [#11143]
* Dashboards: Version cleanup fails on old databases with many entries [#11278]
* Server: Adjust permissions of unix socket [#11343]
* Shortcuts: Add shortcut for duplicate panel [#11102]
* AuthProxy: Support IPv6 in Auth proxy white list [#11330]
* SMTP: Don't connect to STMP server using TLS unless configured. [#7189]
* Prometheus: Escape backslash in labels correctly. [#10555]
* Variables: Case-insensitive sorting for template values [#11128]
* Annotations (native): Change default limit from 10 to 100 when querying api [#11569]
* MySQL/Postgres/MSSQL: PostgreSQL data source generates invalid query with
dates before 1970 [#11530]
* Kiosk: Adds url parameter for starting a dashboard in inactive mode [#11228]
* Dashboard: Enable closing timepicker using escape key [#11332]
* Data Sources: Rename direct access mode in the data source settings [#11391]
* Search: Display dashboards in folder indented [#11073]
* Units: Use B/s instead Bps for Bytes per second [#9342]
* Units: Radiation units [#11001]
* Units: Timeticks unit [#11183]
* Units: Concentration units and 'Normal cubic meter' [#11211]
* Units: New currency - Czech koruna [#11384]
* Avatar: Fix DISABLE_GRAVATAR option [#11095]
* Heatmap: Disable log scale when using time time series buckets [#10792]
* Provisioning: Remove `id` from json when provisioning dashboards, [#11138]
* Prometheus: tooltip for legend format not showing properly [#11516]
* Playlist: Empty playlists cannot be deleted [#11133]
* Switch Orgs: Alphabetic order in Switch Organization modal [#11556]
* Postgres: improve `$__timeFilter` macro [#11578]
* Permission list: Improved ux [#10747]
* Dashboard: Sizing and positioning of settings menu icons [#11572]
* Dashboard: Add search filter/tabs to new panel control [#10427]
* Folders: User with org viewer role should not be able to save/move
dashboards in/to general folder [#11553]
* Influxdb: Don't assume the first column in table response is time. [#11476]
- Update to version 5.0.4
* Dashboard Fix inability to link collapsed panels directly to [#11114]
* Dashboard Provisioning dashboard with alert rules should create alerts [#11247]
* Snapshots For snapshots, the Graph panel renders the legend incorrectly on
right hand side [#11318]
* Alerting Link back to Grafana returns wrong URL if root_path contains
sub-path components [#11403]
* Alerting Incorrect default value for upload images setting for alert
notifiers [#11413]
- Update to version 5.0.3
* Mysql: Mysql panic occurring occasionally upon Grafana dashboard access (a
bigger patch than the one in 5.0.2) [#11155]
- Update to version 5.0.2
* Mysql: Mysql panic occurring occasionally upon Grafana dashboard access [#11155]
* Dashboards: Should be possible to browse dashboard using only uid [#11231]
* Alerting: Fix bug where alerts from hidden panels where deleted [#11222]
* Import: Fix bug where dashboards with alerts couldn't be imported [#11227]
* Teams: Remove quota restrictions from teams [#11220]
* Render: Fix bug with legacy url redirection for panel rendering [#11180]
- Update to version 5.0.1
* Postgres: PostgreSQL error when using ipv6 address as hostname in
connection string [#11055]
* Dashboards: Changing templated value from dropdown is causing unsaved
changes [#11063]
* Prometheus: Fix bundled Prometheus 2.0 dashboard [#11016]
* Sidemenu: Profile menu 'invisible' when gravatar is disabled [#11097]
* Dashboard: Fix a bug with resizable handles for panels [#11103]
* Alerting: Telegram inline image mode fails when caption too long [#10975]
* Alerting: Fix silent failing validation [#11145]
* OAuth: Only use jwt token if it contains an email address [#11127]
- Update to version 5.0.0
* oauth Fix GitHub OAuth not working with private Organizations [#11028]
* kiosk white area over bottom panels in kiosk mode [#11010]
* alerting Fix OK state doesn't show up in Microsoft Teams [#11032]
* Permissions Fix search permissions issues [#10822]
* Permissions Fix problem issues displaying permissions lists [#10864]
* PNG-Rendering Fix problem rendering legend to the right [#10526]
* Reset password Fix problem with reset password form [#10870]
* Light theme Fix problem with light theme in safari, [#10869]
* Provisioning Now handles deletes when dashboard json files removed from
disk [#10865]
* MySQL: Fix issue with schema migration on old mysql (index too long) [#10779]
* GitHub OAuth: Fix fetching github orgs from private github org [#10823]
* Embedding:Fix issues with embedding panel [#10787]
* Dashboards: Dashboard folders, [#1611]
* Teams User groups (teams) implemented. Can be used in folder & dashboard
permission list.
* Dashboard grid: Panels are now laid out in a two dimensional grid (with x,
y, w, h). [#9093]
* Templating: Vertical repeat direction for panel repeats.
* UX: Major update to page header and navigation
* Dashboard settings: Combine dashboard settings views into one with side menu, [#9750]
* Persistent dashboard url's: New url's for dashboards that allows renaming
dashboards without breaking links. [#7883]
* dashboard.json files have been replaced with dashboard provisioning API.
* Config files for provisioning data sources as configuration have changed
from /etc/grafana/conf/datasources to /etc/grafana/provisioning/datasources.
* Pagerduty notifier now defaults to not auto resolve incidents. More details at [#10222]
* `GET /api/alerts` property dashboardUri renamed to url
* New grid engine for positioning dashboard panels
* Alerting: Add support for internal image store [#6922]
* Data Source Proxy: Add support for whitelisting specified cookies to be
be passed through to the data source when proxying [#5457]
* Postgres/MySQL: add \_\_timeGroup macro for mysql [#9596]
* Text: Text panel are now edited in the ace editor. [#9698]
* Teams: Add Microsoft Teams notifier as [#8523]
* Data Sources: Its now possible to configure data sources with config files [#1789]
* Graphite: Query editor updated to support new query by tag features [#9230]
* Dashboard history: New config file option versions_to_keep sets how many
versions per dashboard to store, [#9671]
* Dashboard as cfg: Load dashboards from file into Grafana on startup/change [#9654]
* Prometheus: Grafana can now send alerts to Prometheus Alertmanager while
firing [#7481]
* Table: Support multiple table formatted queries in table panel [#9170]
* Security: Protect against brute force (frequent) login attempts [#7616]
* Graph: Don't hide graph display options (Lines/Points) when draw mode is
unchecked [#9770]
* Alert panel: Adds placeholder text when no alerts are within the time range [#9624]
* Mysql: MySQL enable MaxOpenCon and MaxIdleCon regards how constring is
configured. [#9784]
* Cloudwatch: Fix broken query inspector for cloudwatch [#9661]
* Dashboard: Make it possible to start dashboards from search and dashboard
list panel [#1871]
* Annotations: Posting annotations now return the id of the annotation [#9798]
* Systemd: Use systemd notification ready flag [#10024]
* GitHub: Use organizations_url provided from github to verify user belongs
in org. [#10111]
* Backend: Fix bug where Grafana exited before all sub routines where finished [#10131]
* Azure: Adds support for Azure blob storage as external image stor [#8955]
* Telegram: Add support for inline image uploads to telegram notifier plugin [#9967]
* Sensu: Send alert message to sensu output [#9551]
* Singlestat: suppress error when result contains no datapoints [#9636]
* Postgres/MySQL: Control quoting in SQL-queries when using template variables [#9030]
* Pagerduty: Pagerduty don't auto resolve incidents by default anymore. [#10222]
* Cloudwatch: Fix for multi-valued templated queries. [#9903]
* RabbitMq: Remove support for publishing events to RabbitMQ [#9645]
* API: GET /api/dashboards/db/:slug deprecated, use GET /api/dashboards/uid/:uid
* API: DELETE /api/dashboards/db/:slug deprecated, use DELETE /api/dashboards/uid/:uid
* API: `uri` property in GET /api/search deprecated, use `url` or `uid` property
* API: `meta.slug` property in GET /api/dashboards/uid/:uid and GET
/api/dashboards/db/:slug deprecated, use `meta.url` or `dashboard.uid` property
Changes in grafana-natel-discrete-panel:
- Add recompress source service
- Add set_version source service
- Enable changesgenerate for tar_scm source service
- Update to version 0.0.9:
* split commands
* put back the history
Changes in openstack-cinder:
- Update to version cinder-11.2.3.dev29:
* Remove VxFlex OS credentials from connection\_properties
* Fix stable/pike gate
* tintri: Enable SSL with requests
* [Unity] Fix TypeError for test case test\_delete\_host\_wo\_lock
Changes in openstack-cinder:
- Update to version cinder-11.2.3.dev29:
* Remove VxFlex OS credentials from connection\_properties
* Fix stable/pike gate
* tintri: Enable SSL with requests
* [Unity] Fix TypeError for test case test\_delete\_host\_wo\_lock
Changes in openstack-monasca-installer:
- Add 0001-Add-support-for-ansible-2.9.patch
Changes in openstack-neutron:
- Update to version neutron-11.0.9.dev69:
* Do not block connection between br-int and br-phys on startup
* [EM releases] Move non-voting jobs to the experimental queue
- Update to version neutron-11.0.9.dev66:
* Fix pike gates, multiple fixes
Changes in openstack-neutron:
- Add 0001-Ensure-drop-flows-on-br-int-at-agent-startup-for-DVR-too.patch (LP#1887148)
- Update to version neutron-11.0.9.dev69:
* Do not block connection between br-int and br-phys on startup
* [EM releases] Move non-voting jobs to the experimental queue
- Update to version neutron-11.0.9.dev66:
* Fix pike gates, multiple fixes
Changes in openstack-nova:
- Update to version nova-16.1.9.dev76:
* Removed the host FQDN from the exception message
- Update to version nova-16.1.9.dev74:
* libvirt: Provide VIR\_MIGRATE\_PARAM\_PERSIST\_XML during live migration
- Update to version nova-16.1.9.dev73:
* Fix os-simple-tenant-usage result order
- Update to version nova-16.1.9.dev71:
* Fix false ERROR message at compute restart
- Update to version nova-16.1.9.dev69:
* Check cherry-pick hashes in pep8 tox target
- Update to version nova-16.1.9.dev67:
* libvirt: Do not reraise DiskNotFound exceptions during resize
- Update to version nova-16.1.9.dev66:
* Clean up allocation if unshelve fails due to neutron
* Reproduce bug 1862633
- Update to version nova-16.1.9.dev64:
* Init HostState.failed\_builds
- Update to version nova-16.1.9.dev62:
* Fix os\_CODENAME detection and repo refresh during ceph tests
Changes in openstack-nova:
- Update to version nova-16.1.9.dev76:
* Removed the host FQDN from the exception message
- Rebased patches:
+ 0004-Provide-VIR_MIGRATE_PARAM_PERSIST_XML-during-live-migration.patch dropped (merged upstream)
- Update to version nova-16.1.9.dev74:
* libvirt: Provide VIR\_MIGRATE\_PARAM\_PERSIST\_XML during live migration
- Add 0004-Provide-VIR_MIGRATE_PARAM_PERSIST_XML-during-live-migration.patch
* (bsc#1175484, CVE-2020-17376)
- Update to version nova-16.1.9.dev73:
* Fix os-simple-tenant-usage result order
- Update to version nova-16.1.9.dev71:
* Fix false ERROR message at compute restart
- Update to version nova-16.1.9.dev69:
* Check cherry-pick hashes in pep8 tox target
- Update to version nova-16.1.9.dev67:
* libvirt: Do not reraise DiskNotFound exceptions during resize
- Update to version nova-16.1.9.dev66:
* Clean up allocation if unshelve fails due to neutron
* Reproduce bug 1862633
- Update to version nova-16.1.9.dev64:
* Init HostState.failed\_builds
- Update to version nova-16.1.9.dev62:
* Fix os\_CODENAME detection and repo refresh during ceph tests
Changes in python-Django:
- Update to version 1.11.29 (bsc#1161919, CVE-2020-7471, bsc#1165022, CVE-2020-9402, bsc#1159447, CVE-2019-19844)
* Fixed CVE-2020-9402 -- Properly escaped tolerance parameter in GIS functions and aggregates on Oracle.
* Pinned PyYAML < 5.3 in test requirements.
* Fixed CVE-2020-7471 -- Properly escaped StringAgg(delimiter) parameter.
* Fixed timezones tests for PyYAML 5.3+.
* Fixed CVE-2019-19844 -- Used verified user email for password reset requests.
* Fixed #31073 -- Prevented CheckboxInput.get_context() from mutating attrs.
* Fixed #30826 -- Fixed crash of many JSONField lookups when one hand side is key transform.
* Fixed #30769 -- Fixed a crash when filtering against a subquery JSON/HStoreField annotation.
* Fixed #30672 -- Fixed crash of JSONField/HStoreField key transforms on expressions with params.
* Added patch CVE-2020-13254.patch
* Added patch CVE-2020-13596.patch
Changes in python-Flask-Cors:
- Add patches to fix a relative directory traversal issue
(boo#1175986, CVE-2020-25032):
* 0001-Handle-request_headers-None.patch
* 0002-Fix-request-path-normalization.patch
Changes in python-Pillow:
- Add 011-Fix-OOB-reads-in-FLI-decoding.patch
* From upstream, backported
* Fixes CVE-2020-10177, bsc#1173413
- Add 012-Fix-bounds-overflow-in-JPEG-2000-decoding.patch
* From upstream, backported
* Fixes CVE-2020-10994, bsc#1173418
- Add 013-Fix-bounds-overflow-in-PCX-decoding.patch
* From upstream, backported
* Fixes CVE-2020-10378, bsc#1173416
Changes in python-ardana-packager:
- fetch updated nova_host_aggregate from git
- Add missing novaclient required domain entries (bsc#1174006)
Changes in python-keystoneclient:
- add 2020-tests-pass.patch:
- Make tests pass in 2020
- update to version 3.13.1
- Updated from global requirements
- Update .gitreview for stable/pike
- Update UPPER_CONSTRAINTS_FILE for stable/pike
- import zuul job settings from project-config
- Avoid tox_install.sh for constraints support
Changes in python-keystonemiddleware:
- added 0001-Make-tests-pass-in-2022.patch
- removed 0001-Add-use_oslo_messaging-option.patch
- update to version 4.17.1
- Update .gitreview for stable/pike
- Update UPPER_CONSTRAINTS_FILE for stable/pike
- Add option to disable using oslo_message notifier
- Fix docs builds
- Updated from global requirements
- import zuul job settings from project-config
Changes in python-kombu:
- Add 0001-Fix-failing-unittests-of-pyamqp-transport.patch
Changes in python-straight-plugin:
- Add pip_no_plugins.patch to avoid error: 'UnboundLocalError:
local variable 'r' referenced before assignment', when there
is no plugin available.
- Initial packaging
Changes in python-urllib3:
- Update urllib3-fix-test-urls.patch. Adjust to match upstream solution.
- Add urllib3-fix-test-urls.patch. Fix tests failing on python checks for
CVE-2019-9740.
- Add urllib3-cve-2020-26137.patch. Don't allow control chars in request
method. (bsc#1177120, CVE-2020-26137)
Changes in release-notes-suse-openstack-cloud:
- Update to version 8.20200922:
* postgreSQL db replace changes are updated for suse openstack cloud section (SOC-11000)
Changes in storm:
- Fix duplicate BuildRequire on storm-kit
- update to 1.2.3 (SOC-9974, CVE-2019-0202, SOC-9998, CVE-2018-11779):
* 1.2.3
* [STORM-3233] - Upgrade zookeeper client to newest version (3.4.13)
* [STORM-3077] - Upgrade Disruptor version to 3.3.11
* [STORM-3083] - Upgrade HikariCP version to 2.4.7
* [STORM-3094] - Topology name needs to be validated at storm-client
* [STORM-3222] - Fix KafkaSpout internals to use LinkedList instead of ArrayList
* [STORM-3292] - Trident HiveState must flush writers when the batch commits
* [STORM-3013] - Deactivated topology restarts if data flows into Kafka
* [STORM-3028] - HdfsSpout does not handle empty files in case of ack enabled
* [STORM-3046] - Getting a NPE leading worker to die when starting a topology.
* [STORM-3047] - Ensure Trident emitter refreshPartitions is only called with partitions assigned to the emitter
* [STORM-3055] - never refresh connection
* [STORM-3068] - STORM_JAR_JVM_OPTS are not passed to storm-kafka-monitor properly
* [STORM-3082] - NamedTopicFilter can't handle topics that don't exist yet
* [STORM-3087] - FluxBuilder.canInvokeWithArgs is too permissive when the method parameter type is a primitive
* [STORM-3090] - The same offset value is used by the same partition number of different topics.
* [STORM-3097] - Remove storm-druid in 2.x and deprecate support for it in 1.x
* [STORM-3102] - Storm Kafka Client performance issues with Kafka Client v1.0.0
* [STORM-3109] - Wrong canonical path set to STORM_LOCAL_DIR in storm kill_workers
* [STORM-3110] - Supervisor does not kill all worker processes in secure mode in case of user mismatch
* [STORM-3121] - Fix flaky metrics tests in storm-core
* [STORM-3122] - FNFE due to race condition between 'async localizer' and 'update blob' timer thread
* [STORM-3123] - Storm Kafka Monitor does not work with Kafka over two-way SSL
* [STORM-3161] - Local mode should force setting min replication count to 1
* [STORM-3164] - Multilang storm.py uses traceback.format_exc incorrectly
* [STORM-3184] - Storm supervisor log showing keystore and truststore password in plaintext
* [STORM-3201] - kafka spout lag on UI needs some cleanup
* [STORM-3301] - The KafkaSpout can in some cases still replay tuples that were already committed
* [STORM-3381] - Upgrading to Zookeeper 3.4.14 added an LGPL dependency
* [STORM-3384] - storm set-log-level command throws wrong exception when the topology is not running
* [STORM-3086] - Update Flux documentation to demonstrate static factory methods (STORM-2796)
* [STORM-3089] - Document worker hooks on the hooks page
* [STORM-3199] - Metrics-ganglia depends on an LGPL library, so we shouldn't depend on it
* [STORM-3289] - Add note about KAFKA-7044 to storm-kafka-client compatibility docs
* [STORM-3330] - Migrate parts of storm-webapp, and reduce use of mocks for files
* 1.2.2
* [STORM-3026] - Upgrade ZK instance for security
* [STORM-3027] - Make Impersonation Optional
* [STORM-2896] - Support automatic migration of offsets from storm-kafka to storm-kafka-client KafkaSpout
* [STORM-2997] - Add logviewer ssl module in SECURITY.md
* [STORM-3006] - Distributed RPC documentation needs an update
* [STORM-3011] - Use default bin path in flight.bash if $JAVA_HOME is undefined
* [STORM-3022] - Decouple storm-hive UTs with Hive
* [STORM-3039] - Ports of killed topologies remain in TIME_WAIT state preventing to start new topology
* [STORM-3069] - Allow users to specify maven local repository directory for storm submit tool
* [STORM-2911] - SpoutConfig is serializable but does not declare a serialVersionUID field
* [STORM-2967] - Upgrade jackson to latest version 2.9.4
* [STORM-2968] - Exclude a few unwanted jars from storm-autocreds
* [STORM-2978] - The fix for STORM-2706 is broken, and adds a transitive dependency on Zookeeper 3.5.3-beta for projects that depend on e.g. storm-kafka
* [STORM-2979] - WorkerHooks EOFException during run_worker_shutdown_hooks
* [STORM-2981] - Upgrade Curator to lastest patch version
* [STORM-2985] - Add jackson-annotations to dependency management
* [STORM-2988] - 'Error on initialization of server mk-worker' when using org.apache.storm.metrics2.reporters.JmxStormReporter on worker
* [STORM-2989] - LogCleaner should preserve current worker.log.metrics
* [STORM-2993] - Storm HDFS bolt throws ClosedChannelException when Time rotation policy is used
* [STORM-2994] - KafkaSpout consumes messages but doesn't commit offsets
* [STORM-3043] - NullPointerException thrown in SimpleRecordTranslator.apply()
* [STORM-3052] - Let blobs un archive
* [STORM-3059] - KafkaSpout throws NPE when hitting a null tuple if the processing guarantee is not AT_LEAST_ONCE
* [STORM-2960] - Better to stress importance of setting up proper OS account for Storm processes
* [STORM-3060] - Configuration mapping between storm-kafka & storm-kafka-client
* [STORM-2952] - Deprecate storm-kafka in 1.x
* [STORM-3005] - [DRPC] LinearDRPCTopologyBuilder shouldn't be deprecated
Changes in storm-kit:
- Add _constraints to prevent build from running out of disk space
- Updated kit for storm-1.2.3
Changes in venv-openstack-cinder:
- Ensure that python-swiftclient is pulled into the built venv
via an explicit BuildRequires directive. (SOC-10522)
Changes in venv-openstack-swift:
- Ensure that python-oslo.log is pulled into the built venv by
explicitly requiring the package using a BuildRequires entry.
Patchnames
HPE-Helion-OpenStack-8-2020-3309,SUSE-2020-3309,SUSE-OpenStack-Cloud-8-2020-3309,SUSE-OpenStack-Cloud-Crowbar-8-2020-3309
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for ansible, ardana-ansible, ardana-cinder, ardana-glance, ardana-mq, ardana-nova, ardana-osconfig, crowbar-core, crowbar-openstack, documentation-suse-openstack-cloud, grafana, grafana-natel-discrete-panel, openstack-cinder, openstack-monasca-installer, openstack-neutron, openstack-nova, python-Django, python-Flask-Cors, python-Pillow, python-ardana-packager, python-keystoneclient, python-keystonemiddleware, python-kombu, python-straight-plugin, python-urllib3, release-notes-suse-openstack-cloud, storm, storm-kit, venv-openstack-cinder, venv-openstack-swift", title: "Title of the patch", }, { category: "description", text: "This update for ansible, ardana-ansible, ardana-cinder, ardana-glance, ardana-mq, ardana-nova, ardana-osconfig, crowbar-core, crowbar-openstack, documentation-suse-openstack-cloud, grafana, grafana-natel-discrete-panel, openstack-cinder, openstack-monasca-installer, openstack-neutron, openstack-nova, python-Django, python-Flask-Cors, python-Pillow, python-ardana-packager, python-keystoneclient, python-keystonemiddleware, python-kombu, python-straight-plugin, python-urllib3, release-notes-suse-openstack-cloud, storm, storm-kit, venv-openstack-cinder, venv-openstack-swift contains the following fixes:\n\nSecurity fixes included in this update:\nansible to 2.9.14:\n- CVE-2020-1733: Fixed insecure temporary directory when running\nbecome_user (bsc#1164140).\n - CVE-2020-1753: Kubectl connection plugin - connection plugin now\nredact kubectl_token and kubectl_password in console log. (bsc#1166389)\n - CVE-2020-14365: Previously, regardless of the disable_gpg_check\noption, packages were not GPG validated. They are now. (bsc#1175993)\n - CVE-2020-14332: copy - Redact the value of the no_log 'content'\nparameter in the result's invocation.module_args in check mode.\nPreviously when used with check mode and with '-vvv', the module would\nnot censor the content if a change would be made to the destination\npath. (bsc#1174302)\n - CVE-2020-1736: atomic_move - Change default permissions when creating\ntemporary files so they are not world readable (bsc#1164134).\n - CVE-2020-14330: Sanitize no_log values from any response keys that\nmight be returned from the uri module (bsc#1174145).\n - CVE-2019-14846: Reset logging level to INFO. (bsc#1153452).\n - CVE-2020-10744: incomplete fix for CVE-2020-1733 (bsc#1171823).\n\ngrafana:\n- CVE-2018-18623, CVE-2018-18624,CVE-2018-18625: Fixed multiple XSS \n vulnerabilities in dashboard due to a incomplete fix for CVE-2018-12099\n (bsc#1172450).\n- CVE-2020-11110: Fixed a stored XSS (bsc#1174583).\n\nopenstack-nova:\n- CVE-2020-17376: Fixed an information leak during live migration (bsc#1175484).\n\npython-Django to 1.11.29\n- CVE-2020-7471: Fixed a SQL injection via StringAgg delimiter (bsc#1161919).\n- CVE-2020-9402: Fixed a SQL injection via tolerance parameter in GIS functions \n and aggregates (bsc#1165022).\n- CVE-2019-19844: Fixed a potential account hijack via password reset form (bsc#1159447).\n\npython-Flask-Cors\n- CVE-2020-25032: Fixed a potential information leak through path traversal (bsc#1175986).\n\npython-Pillow\n- CVE-2020-10177: Fixed multiple out-of-bounds reads in libImaging/FliDecode.c (bsc#1173413).\n- CVE-2020-10994: Fixed multiple out-of-bounds reads via a crafted JP2 files (bsc#1173418).\n- CVE-2020-10378: Fixed an out-of-bounds read when reading PCX files (bsc#1173416).\n\npython-urllib3\n- CVE-2020-26137: Fixed CRLF injection via HTTP request method (bsc#1177120)\n\nstorm:\n- CVE-2018-11779: Fixed java deserialization vulnerability related to the usage of \n storm-kafka-client or storm-kafka modules (bsc#1143163).\n- CVE-2019-0202: Fixed an information leak related to the log viewer (bsc#1142617).\n\nrubygem-crowbar-client update to 3.9.3:\n- CVE-2018-17954: Fixed information leak of the admin password to all\nnodes in cleartext during provisioning (bsc#1117080)\n\nNon-security fixes included on this update:\n\nChanges in ansible:\n- Update to ansible 2.9.14:\n - minor bugs and fixes, including security bugs:\n - CVE-2020-1753, bsc#1166389: Kubectl connection plugin - connection\n plugin now redact kubectl_token and kubectl_password in console\n log.\n - revert CVE-2020-1736. Users are encouraged to specify a mode\n parameter in their file-based tasks when the files being\n manipulated contain sensitive data.\n - CVE-2020-14365, bsc#1175993: Previously, regardless of the\n disable_gpg_check option, packages were not GPG validated. They\n are now.\n - CVE-2020-14332, bsc#1174302: copy - Redact the value of the no_log\n 'content' parameter in the result's invocation.module_args in\n check mode. Previously when used with check mode and with '-vvv',\n the module would not censor the content if a change would be made\n to the destination path.\n - CVE-2020-1736, bsc#1164134: atomic_move - Change default\n permissions when creating temporary files so they are not world\n readable\n - CVE-2020-14330, bsc#1174145: Sanitize no_log values from any\n response keys that might be returned from the uri module.\n - CVE-2019-14846, bsc#1153452: Reset logging level to INFO.\n - CVE-2020-10744, bsc#1171823, gh#ansible/ansible#69782: incomplete\n fix for CVE-2020-1733\n- Remove patches included upstream:\n - CVE-2020-14330_exposed_keys_uri_mod.patch\n - CVE-2020-10744_avoid_mkdir_p.patch\n- Don't Require python-coverage, it is needed only for testing\n (bsc#1177948).\n\n- Add CVE-2020-14330_exposed_keys_uri_mod.patch which fixes\n CVE-2020-14330 (bsc#1174145). Sanitize no_log values from any\n response keys that might be returned from the uri module. \n Sensitive values marked with ``no_log=True`` will automatically\n have that value stripped from module return values. If\n your module could return these sensitive values as\n part of a dictionary key name, you should call the\n ``ansible.module_utils.basic.sanitize_keys()`` function to\n strip the values from the keys. See the ``uri`` module for an\n example.\n\n- importlib and argparse are required only on SLE-11 and less.\n\n- Add CVE-2020-10744_avoid_mkdir_p.patch (bsc#1171823) to fix\n insecure temporary directory creation.\n\n- Add metadata information to this file to mark which SUSE\n bugzilla have been already fixed.\n- Remove CVE-2017-7550-jenkins-disallow-password-in-params.patch\n as it has been already included in 2.4.1.0\n\n- update to version 2.9.9\n * fix for a regression introduced in 2.9.8\n\n- update to version 2.9.8\n maintenance release containing numerous bugfixes\n\n- update to version 2.9.7 with many bug fixes,\n especially for these security issues:\n - bsc#1164140 CVE-2020-1733 - insecure temporary directory when\n running become_user from become directive\n - bsc#1164139 CVE-2020-1734 shell enabled by default in a pipe\n lookup plugin subprocess\n - bsc#1164137 CVE-2020-1735 - path injection on dest parameter\n in fetch module\n - bsc#1164134 CVE-2020-1736 atomic_move primitive sets\n permissive permissions\n - bsc#1164138 CVE-2020-1737 - Extract-Zip function in win_unzip\n module does not check extracted path\n - bsc#1164136 CVE-2020-1738 module package can be selected by\n the ansible facts\n - bsc#1164133 CVE-2020-1739 - svn module leaks password when\n specified as a parameter\n - bsc#1164135 CVE-2020-1740 - secrets readable after\n ansible-vault edit\n - bsc#1165393 CVE-2020-1746 - information disclosure issue in\n ldap_attr and ldap_entry modules\n - bsc#1166389 CVE-2020-1753 - kubectl connection plugin leaks\n sensitive information\n - bsc#1167532 CVE-2020-10684 - code injection when using\n ansible_facts as a subkey\n - bsc#1167440 CVE-2020-10685 - modules which use files\n encrypted with vault are not properly cleaned up\n - CVE-2020-10691 - archive traversal vulnerability in ansible-galaxy collection install [2]\n\n- create missing (empty) template and files directories for \n 'ansible-galaxy init' during package build (fixes boo#1137479)\n- require python-xml on python 2 systems (boo#1142542)\n\n- update to version 2.9.6 (maintenance release) including\n these security issues:\n - bsc#1171162 CVE-2020-10729 two random password lookups in\n same task return same value\n\n- update to version 2.9.5 (maintenance release)\n\n- update to version 2.9.4 (maintenance release)\n - fix in yum module\n - security fixes:\n - bsc#1157968 CVE-2019-14904 vulnerability in solaris_zone\n module via crafted solaris zone\n - bsc#1157969 CVE-2019-14905 malicious code could craft\n filename in nxos_file_copy module\n\n- update to version 2.9.3 (maintenance release)\n * security fixes\n - CVE-2019-14904 (solaris_zone module) (boo#1157968)\n - CVE-2019-14905 (nxos_file_copy module) (boo#1157969)\n * various bugfixes\n\n- sync with upstream spec file (especially for RHEL & Fedora builds)\n- ran spec-cleaner\n- remove old SUSE targets (SLE-11, Leap 42.3 and below)\n This simplifies the spec file and makes building easier\n- Additional required packages for building:\n + python-boto3 and python-botocore for Amazon EC2\n + python-jmespath for json queries\n + python-memcached for cloud modules and local caching of JSON \n formatted, per host records\n + python-redis for cloud modules and local caching of JSON \n formatted, per host records\n + python-requests for many web-based modules (cloud, network, \n netapp)\n => as the need for those packages depends on the usage of the \n tool, they are just recommended on openSUSE/SUSE machines\n- made dependencies for gitlab, vmware and winrm modules configurable,\n as most of their dependencies are not (yet) available on current \n openSUSE/SUSE distributions\n- exclude /usr/bin/pwsh from the automatic dependency generation, \n as the Windows Power Shell is not available (yet) on openSUSE/SUSE\n- build additional docs and split up ansible-doc package; \n moving changelogs, contrib and example directories there\n- prepare for building HTML documentation, but disable this per \n default for the moment, as not all package dependencies are available\n in openSUSE/SUSE (yet)\n- package some test scripts with executable permissions\n\n- update to version 2.9.2\n maintenance release containing numerous bugfixes\n\n- Create system directories that Ansible defines as default locations \n in ansible/config/base.yml\n- rephrase the summary line \n- Disable shebang munging for specific paths. These files are data files.\n ansible-test munges the shebangs itself.\n\n- split out ansible-test package for module developers\n\n- update to version 2.9.1\n Full changelog is packaged at /usr/share/doc/packages/ansible/changelogs/\n and also available online at\n https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst\n + CVE-2019-14864: fixed Splunk and Sumologic callback plugins leak \n sensitive data in logs (boo#1154830)\n- replace all #!/usr/bin/env lines to use #!/usr/bin/$1 directly\n\n- added file '/usr/bin/ansible-test' to spec file\n\n- Update to version 2.9.0:\n Full changelog is packaged at /usr/share/doc/packages/ansible/changelogs/\n and also available online at\n https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst\n- Fixed among other this security bug:\n - bsc#1112959 CVE-2018-16837 Information leak in 'user' module patch added\n\n- include the sha checksum file in the source, which allows to verify\n the original sources\n\n- Update to version 2.8.6:\n Full changelog is packaged at /usr/share/doc/packages/ansible/changelogs/\n and also available online at\n https://github.com/ansible/ansible/blob/stable-2.8/changelogs/CHANGELOG-v2.8.rst\n Included security fixes:\n * CVE-2019-14846: Fixed secrets disclosure on logs due to display is hardcoded\n to DEBUG level (bsc#1153452)\n * CVE-2019-14856: Fixed insufficient fix for CVE-2019-10206 (bsc#1154232)\n * CVE-2019-14858: Fixed data in the sub parameter fields that will not be masked\n and will be displayed when run with increased verbosity (bsc#1154231) \n\n- Update to version 2.8.5:\n Full changelog is packaged at /usr/share/doc/packages/ansible/changelogs/\n and also available online at\n https://github.com/ansible/ansible/blob/stable-2.8/changelogs/CHANGELOG-v2.8.rst\n- removed patches fixed upstream:\n + CVE-2019-10206-data-disclosure.patch\n + CVE-2019-10217-gcp-modules-sensitive-fields.patch\n\n- Update to version 2.8.3:\n Full changelog is packaged, but also at\n https://github.com/ansible/ansible/blob/stable-2.8/changelogs/CHANGELOG-v2.8.rst\n - (bsc#1137528) CVE-2019-10156: ansible: templating causing an\n unexpected key file to be set on remote node\n- (bsc#1144453) Adds CVE-2019-10217-gcp-modules-sensitive-fields.patch\n CVE-2019-10217: Fields managing sensitive data should be set as\n such by no_log feature. Some of these fields in GCP modules are\n not set properly. service_account_contents() which is common\n class for all gcp modules is not setting no_log to True. Any\n sensitive data managed by that function would be leak as an\n output when running ansible playbooks.\n\n- Update to version 2.8.1\n Full changelog is at /usr/share/doc/packages/ansible/changelogs/\n Bugfixes\n --------\n - ACI - DO not encode query_string\n - ACI modules - Fix non-signature authentication\n - Add missing directory provided via ``--playbook-dir`` to adjacent collection loading\n - Fix 'Interface not found' errors when using eos_l2_interface with nonexistant\n interfaces configured\n - Fix cannot get credential when `source_auth` set to `credential_file`.\n - Fix netconf_config backup string issue\n - Fix privilege escalation support for the docker connection plugin when\n credentials need to be supplied (e.g. sudo with password).\n - Fix vyos cli prompt inspection\n - Fixed loading namespaced documentation fragments from collections.\n - Fixing bug came up after running cnos_vrf module against coverity.\n - Properly handle data importer failures on PVC creation, instead of timing out.\n - To fix the ios static route TC failure in CI\n - To fix the nios member module params\n - To fix the nios_zone module idempotency failure\n - add terminal initial prompt for initial connection\n - allow include_role to work with ansible command\n - allow python_requirements_facts to report on dependencies containing dashes\n - asa_config fix\n - azure_rm_roledefinition - fix a small error in build scope.\n - azure_rm_virtualnetworkpeering - fix cross subscriptions virtual network\n peering.\n - cgroup_perf_recap - When not using file_per_task, make sure we don't\n prematurely close the perf files\n - display underlying error when reporting an invalid ``tasks:`` block.\n - dnf - fix wildcard matching for state: absent\n - docker connection plugin - accept version ``dev`` as 'newest version' and\n print warning.\n - docker_container - ``oom_killer`` and ``oom_score_adj`` options are available\n since docker-py 1.8.0, not 2.0.0 as assumed by the version check.\n - docker_container - fix network creation when ``networks_cli_compatible`` is\n enabled.\n - docker_container - use docker API's ``restart`` instead of ``stop``/``start``\n to restart a container.\n - docker_image - if ``build`` was not specified, the wrong default for\n ``build.rm`` is used.\n - docker_image - if ``nocache`` set to ``yes`` but not ``build.nocache``, the\n module failed.\n - docker_image - module failed when ``source: build`` was set but\n ``build.path`` options not specified.\n - docker_network module - fix idempotency when using ``aux_addresses`` in\n ``ipam_config``.\n - ec2_instance - make Name tag idempotent\n - eos: don't fail modules without become set, instead show message and continue\n - eos_config: check for session support when asked to 'diff_against: session'\n - eos_eapi: fix idempotency issues when vrf was unspecified.\n - fix bugs for ce - more info see\n - fix incorrect uses of to_native that should be to_text instead.\n - hcloud_volume - Fix idempotency when attaching a server to a volume.\n - ibm_storage - Added a check for null fields in ibm_storage utils module.\n - include_tasks - whitelist ``listen`` as a valid keyword\n - k8s - resource updates applied with force work correctly now\n - keep results subset also when not no_log.\n - meraki_switchport - improve reliability with native VLAN functionality.\n - netapp_e_iscsi_target - fix netapp_e_iscsi_target chap secret size and\n clearing functionality\n - netapp_e_volumes - fix workload profileId indexing when no previous workload\n tags exist on the storage array.\n - nxos_acl some platforms/versions raise when no ACLs are present\n - nxos_facts fix <https://github.com/ansible/ansible/pull/57009>\n - nxos_file_copy fix passwordless workflow\n - nxos_interface Fix admin_state check for n6k\n - nxos_snmp_traps fix group all for N35 platforms\n - nxos_snmp_user fix platform fixes for get_snmp_user\n - nxos_vlan mode idempotence bug\n - nxos_vlan vlan names containing regex ctl chars should be escaped\n - nxos_vtp_* modules fix n6k issues\n - openssl_certificate - fix private key passphrase handling for\n ``cryptography`` backend.\n - openssl_pkcs12 - fixes crash when private key has a passphrase and the module\n is run a second time.\n - os_stack - Apply tags conditionally so that the module does not throw up an\n error when using an older distro of openstacksdk\n - pass correct loading context to persistent connections other than local\n - pkg_mgr - Ansible 2.8.0 failing to install yum packages on Amazon Linux\n - postgresql - added initial SSL related tests\n - postgresql - added missing_required_libs, removed excess param mapping\n - postgresql - move connect_to_db and get_pg_version into\n module_utils/postgres.py (https://github.com/ansible/ansible/pull/55514)\n - postgresql_db - add note to the documentation about state dump and the\n incorrect rc (https://github.com/ansible/ansible/pull/57297)\n - postgresql_db - fix for postgresql_db fails if stderr contains output\n - postgresql_ping - fixed a typo in the module documentation\n - preserve actual ssh error when we cannot connect.\n - route53_facts - the module did not advertise check mode support, causing it\n not to be run in check mode.\n - sysctl: the module now also checks the output of STDERR to report if values\n are correctly set (https://github.com/ansible/ansible/pull/55695)\n - ufw - correctly check status when logging is off\n - uri - always return a value for status even during failure\n - urls - Handle redirects properly for IPv6 address by not splitting on ``:``\n and rely on already parsed hostname and port values\n - vmware_vm_facts - fix the support with regular ESXi\n - vyos_interface fix <https://github.com/ansible/ansible/pull/57169>\n - we don't really need to template vars on definition as we do this on demand\n in templating.\n - win_acl - Fix qualifier parser when using UNC paths -\n - win_hostname - Fix non netbios compliant name handling\n - winrm - Fix issue when attempting to parse CLIXML on send input failure\n - xenserver_guest - fixed an issue where VM whould be powered off even though\n check mode is used if reconfiguration requires VM to be powered off.\n - xenserver_guest - proper error message is shown when maximum number of\n network interfaces is reached and multiple network interfaces are added at\n once.\n - yum - Fix false error message about autoremove not being supported\n - yum - fix failure when using ``update_cache`` standalone\n - yum - handle special '_none_' value for proxy in yum.conf and .repo files\n\n- Update to version 2.8.0\n Major changes:\n * Experimental support for Ansible Collections and content namespacing -\n Ansible content can now be packaged in a collection and addressed via\n namespaces. This allows for easier sharing, distribution, and installation\n of bundled modules/roles/plugins, and consistent rules for accessing\n specific content via namespaces.\n * Python interpreter discovery - The first time a Python module runs on a\n target, Ansible will attempt to discover the proper default Python\n interpreter to use for the target platform/version (instead of immediately\n defaulting to /usr/bin/python). You can override this behavior by\n setting ansible_python_interpreter or via config. \n (see https://github.com/ansible/ansible/pull/50163)\n * become - The deprecated CLI arguments for --sudo, --sudo-user,\n --ask-sudo-pass, -su, --su-user, and --ask-su-pass have been removed, in\n favor of the more generic --become, --become-user, --become-method, and\n --ask-become-pass.\n * become - become functionality has been migrated to a plugin architecture,\n to allow customization of become functionality and 3rd party become methods\n (https://github.com/ansible/ansible/pull/50991)\n- addresses CVE-2018-16859, CVE-2018-16876, CVE-2019-3828, CVE-2018-16837\nFor the full changelog see /usr/share/doc/packages/ansible/changelogs or online:\nhttps://github.com/ansible/ansible/blob/stable-2.8/changelogs/CHANGELOG-v2.8.rst\n\n- Update to version 2.7.10\nMinor Changes\n- Catch all connection timeout related exceptions and raise AnsibleConnectionError instead\n- openssl_pkcs12, openssl_privatekey, openssl_publickey - These modules no longer delete the output file before starting to regenerate the output, or when generating the output failed.\nBugfixes\n- Backport of https://github.com/ansible/ansible/pull/54105, pamd - fix idempotence issue when removing rules\n- Use custom JSON encoder in conneciton.py so that ansible objects (AnsibleVaultEncryptedUnicode, for example) can be sent to the persistent connection process\n- allow 'dict()' jinja2 global to function the same even though it has changed in jinja2 versions\n- azure_rm inventory plugin - fix missing hostvars properties (https://github.com/ansible/ansible/pull/53046)\n- azure_rm inventory plugin - fix no nic type in vmss nic. (https://github.com/ansible/ansible/pull/53496)\n- deprecate {Get/Set}ManagerAttributes commands (https://github.com/ansible/ansible/issues/47590)\n- flatpak_remote - Handle empty output in remote_exists, fixes https://github.com/ansible/ansible/issues/51481\n- foreman - fix Foreman returning host parameters\n- get_url - Fix issue with checksum validation when using a file to ensure we skip lines in the file that do not contain exactly 2 parts. Also restrict exception handling to the minimum number of necessary lines (https://github.com/ansible/ansible/issues/48790)\n- grafana_datasource - Fixed an issue when running Python3 and using basic auth (https://github.com/ansible/ansible/issues/49147)\n- include_tasks - Fixed an unexpected exception if no file was given to include.\n- openssl_certificate - fix ``state=absent``.\n- openssl_certificate, openssl_csr, openssl_pkcs12, openssl_privatekey, openssl_publickey - The modules are now able to overwrite write-protected files (https://github.com/ansible/ansible/issues/48656).\n- openssl_dhparam - fix ``state=absent`` idempotency and ``changed`` flag.\n- openssl_pkcs12, openssl_privatekey - These modules now accept the output file mode in symbolic form or as a octal string (https://github.com/ansible/ansible/issues/53476).\n- openssl_publickey - fixed crash on Python 3 when OpenSSH private keys were used with passphrases.\n- openstack inventory plugin: allow 'constructed' functionality (``compose``, ``groups``, and ``keyed_groups``) to work as documented.\n- random_mac - generate a proper MAC address when the provided vendor prefix is two or four characters (https://github.com/ansible/ansible/issues/50838)\n- replace - fix behavior when ``before`` and ``after`` are used together (https://github.com/ansible/ansible/issues/31354)\n- report correct CPU information on ARM systems (https://github.com/ansible/ansible/pull/52884)\n- slurp - Fix issues when using paths on Windows with glob like characters, e.g. ``[``, ``]``\n- ssh - Check the return code of the ssh process before raising AnsibleConnectionFailure, as the error message for the ssh process will likely contain more useful information. This will improve the missing interpreter messaging when using modules such as setup which have a larger payload to transfer when combined with pipelining. (https://github.com/ansible/ansible/issues/53487)\n- tower_settings - 'name' and 'value' parameters are always required, module can not be used in order to get a setting\n- win_acl - Fix issues when using paths with glob like characters, e.g. ``[``, ``]``\n- win_acl_inheritance - Fix issues when using paths with glob like characters, e.g. ``[``, ``]``\n- win_certificate_store - Fix issues when using paths with glob like characters, e.g. ``[``, ``]``\n- win_chocolatey - Fix incompatibilities with the latest release of Chocolatey ``v0.10.12+``\n- win_copy - Fix issues when using paths with glob like characters, e.g. ``[``, ``]``\n- win_file - Fix issues when using paths with glob like characters, e.g. ``[``, ``]``\n- win_find - Ensure found files are sorted alphabetically by the path instead of it being random\n- win_find - Fix issues when using paths with glob like characters, e.g. ``[``, ``]``\n- win_owner - Fix issues when using paths with glob like characters, e.g. ``[``, ``]``\n- win_psexec - Support executables with a space in the path\n- win_reboot - Fix reboot command validation failure when running under the psrp connection plugin\n- win_tempfile - Always return the full NTFS absolute path and not a DOS 8.3 path.\n- win_user_right - Fix output containing non json data - https://github.com/ansible/ansible/issues/54413\n- windows - Fixed various module utils that did not work with path that had glob like chars\n- yum - fix disable_excludes on systems with yum rhn plugin enabled (https://github.com/ansible/ansible/issues/53134)\n\n- Update to version 2.7.9\n Minor Changes\n * Add missing import for ConnectionError in edge and routeros module_utils.\n * ``to_yaml`` filter updated to maintain formatting consistency when used \n with ``pyyaml`` versions 5.1 and later \n (https://github.com/ansible/ansible/pull/53772)\n * docker_image * set ``changed`` to ``false`` when using ``force: yes`` to \n tag or push an image that ends up being identical to one already present on \n the Docker host or Docker registry.\n * jenkins_plugin * Set new default value for the update_url parameter \n (https://github.com/ansible/ansible/issues/52086)\n Bugfixes\n * Fix bug where some inventory parsing tracebacks were missing or reported under the wrong plugin.\n * Fix rabbitmq_plugin idempotence due to information message in new version of rabbitmq (https://github.com/ansible/ansible/pull/52166)\n * Fixed KeyError issue in vmware_host_config_manager when a supported option isn't already set (https://github.com/ansible/ansible/issues/44561).\n * Fixed issue related to --yaml flag in vmware_vm_inventory. Also fixed caching issue in vmware_vm_inventory (https://github.com/ansible/ansible/issues/52381).\n * If large integers are passed as options to modules under Python 2, module argument parsing will reject them as they are of type ``long`` and not of type ``int``.\n * allow nice error to work when auto plugin reads file w/o `plugin` field\n * ansible-doc * Fix traceback on providing arguemnt --all to ansible-doc command\n * azure_rm_virtualmachine_facts * fixed crash related to attached managed disks (https://github.com/ansible/ansible/issues/52181)\n * basic * modify the correct variable when determining available hashing algorithms to avoid errors when md5 is not available (https://github.com/ansible/ansible/issues/51355)\n * cloudscale * Fix compatibilty with Python3 in version 3.5 and lower.\n * convert input into text to ensure valid comparisons in nmap inventory plugin\n * dict2items * Allow dict2items to work with hostvars\n * dnsimple * fixed a KeyError exception related to record types handling.\n * docker_container * now returns warnings from docker daemon on container creation and updating.\n * docker_swarm * Fixed node_id parameter not working for node removal (https://github.com/ansible/ansible/issues/53501)\n * docker_swarm * do not crash with older docker daemons (https://github.com/ansible/ansible/issues/51175).\n * docker_swarm * fixes idempotency for the ``ca_force_rotate`` option.\n * docker_swarm * improve Swarm detection.\n * docker_swarm * improve idempotency checking; ``rotate_worker_token`` and ``rotate_manager_token`` are now also used when all other parameters have not changed.\n * docker_swarm * now supports docker-py 1.10.0 and newer for most operations, instead only docker 2.6.0 and newer.\n * docker_swarm * properly implement check mode (it did apply changes).\n * docker_swarm * the ``force`` option was ignored when ``state: present``.\n * docker_swarm_service * do basic validation of ``publish`` option if specified (must be list of dicts).\n * docker_swarm_service * don't crash when ``publish`` is not specified.\n * docker_swarm_service * fix problem with docker daemons which do not return ``UpdateConfig`` in the swarm service spec.\n * docker_swarm_service * the return value was documented as ``ansible_swarm_service``, but the module actually returned ``ansible_docker_service``. Documentation and code have been updated so that the variable is now called ``swarm_service``. In Ansible 2.7.x, the old name ``ansible_docker_service`` can still be used to access the result.\n * ec2 * if the private_ip has been provided for the new network interface it shouldn't also be added to top level parameters for run_instances()\n * fix DNSimple to ensure check works even when the number of records is larger than 100\n * get_url * return no change in check mode when checksum matches\n * inventory plugins * Fix creating groups from composed variables by getting the latest host variables\n * inventory_aws_ec2 * fix no_log indentation so AWS temporary credentials aren't displayed in tests\n * jenkins_plugin * Prevent plugin to be reinstalled when state=present (https://github.com/ansible/ansible/issues/43728)\n * lvol * fixed ValueError when using float size (https://github.com/ansible/ansible/issues/32886, https://github.com/ansible/ansible/issues/29429)\n * mysql * MySQLdb doesn't import the cursors module for its own purposes so it has to be imported in MySQL module utilities before it can be used in dependent modules like the proxysql module family.\n * mysql * fixing unexpected keyword argument 'cursorclass' issue after migration from MySQLdb to PyMySQL.\n * mysql_user: match backticks, single and double quotes when checking user privileges.\n * onepassword_facts * Fixes issues which prevented this module working with 1Password CLI version 0.5.5 (or greater). Older versions of the CLI were deprecated by 1Password and will no longer function.\n * openssl_certificate * ``has_expired`` correctly checks if the certificate is expired or not\n * openssl_certificate * fix Python 3 string/bytes problems for `notBefore`/`notAfter` for self-signed and ownCA providers.\n * openssl_certificate * make sure that extensions are actually present when their values should be checked.\n * openssl_csr * improve ``subject`` validation.\n * openssl_csr * improve error messages for invalid SANs.\n * play order is now applied under all circumstances, fixes\n * remote_management foreman * Fixed issue where it was impossible to createdelete a product because product was missing in dict choices ( https://github.com/ansible/ansible/issues/48594 )\n * rhsm_repository * handle systems without any repos\n * skip invalid plugin after warning in loader\n * urpmi module * fixed issue\n * win_certificate_store * Fix exception handling typo\n * win_chocolatey * Fix issue when parsing a beta Chocolatey install * https://github.com/ansible/ansible/issues/52331\n * win_chocolatey_source * fix bug where a Chocolatey source could not be disabled unless ``source`` was also set * https://github.com/ansible/ansible/issues/50133\n * win_domain * Do not fail if DC is already promoted but a reboot is required, return ``reboot_required: True``\n * win_domain * Fix when running without credential delegated authentication * https://github.com/ansible/ansible/issues/53182\n * win_file * Fix issue when managing hidden files and directories * https://github.com/ansible/ansible/issues/42466\n * winrm * attempt to recover from a WinRM send input failure if possible\n * zabbix_hostmacro: fixes truncation of macro contexts that contain colons (see https://github.com/ansible/ansible/pull/51853)\n New Plugins\n * vmware_vm_inventory * VMware Guest inventory source\n\n- update URL (use SSL version of the URL)\n- prepare update for multiple releases (bsc#1102126, bsc#1109957)\n\n- Update to version 2.7.8\n Minor Changes:\n * Raise AnsibleConnectionError on winrm connnection errors\n Bugfixes:\n * Backport of https://github.com/ansible/ansible/pull/46478 , fixes name collision in haproxy module\n * Fix aws_ec2 inventory plugin code to automatically populate regions when missing as documentation states, also leverage config system vs self default/type validation\n * Fix unexpected error when using Jinja2 native types with non-strict constructed keyed_groups (https://github.com/ansible/ansible/issues/52158).\n * If an ios module uses a section filter on a device which does not support it, retry the command without the filter.\n * acme_challenge_cert_helper * the module no longer crashes when the required ``cryptography`` library cannot be found.\n * azure_rm_managed_disk_facts * added missing implementation of listing managed disks by resource group\n * azure_rm_mysqlserver * fixed issues with passing parameters while updating existing server instance\n * azure_rm_postgresqldatabase * fix force_update bug (https://github.com/ansible/ansible/issues/50978).\n * azure_rm_postgresqldatabase * fix force_update bug.\n * azure_rm_postgresqlserver * fixed issues with passing parameters while updating existing server instance\n * azure_rm_sqlserver * fix for tags support\n * azure_rm_virtualmachine * fixed several crashes in module\n * azure_rm_virtualmachine_facts * fix crash when vm created from custom image\n * azure_rm_virtualmachine_facts * fixed crash related to VM with managed disk attached\n * ec2 * Correctly sets the end date of the Spot Instance request. Sets `ValidUntil` value in proper way so it will be auto-canceled through `spot_wait_timeout` interval.\n * openssl_csr * fixes idempotence problem with PyOpenSSL backend when no Subject Alternative Names were specified.\n * openstack inventory plugin * send logs from sdk to stderr so they do not combine with output\n * psrp * do not display bootstrap wrapper for each module exec run\n * redfish_utils * get standard properties for firmware entries (https://github.com/ansible/ansible/issues/49832)\n * remote home directory * Disallow use of remote home directories that include relative pathing by means of `..` (CVE-2019-3828, bsc#1126503) (https://github.com/ansible/ansible/pull/52133)\n * ufw * when using ``state: reset`` in check mode, ``ufw --dry-run reset`` was executed, which causes a loss of firewall rules. The ``ufw`` module was adjusted to no longer run ``ufw --dry-run reset`` to prevent this from happening.\n * ufw: make sure that only valid values for ``direction`` are passed on.\n * update GetBiosBootOrder to use standard Redfish resources (https://github.com/ansible/ansible/issues/47571)\n * win become * Fix some scenarios where become failed to create an elevated process\n * win_psmodule * the NuGet package provider will be updated, if needed, to avoid issue under adding a repository\n * yum * Remove incorrect disable_includes error message when using disable_excludes (https://github.com/ansible/ansible/issues/51697)\n * yum * properly handle a proxy config in yum.conf for an unauthenticated proxy\n\n- Update to version 2.7.7\n Minor Changes:\n * Allow check_mode with supports_generate_diff capability in cli_config. (https://github.com/ansible/ansible/pull/51417)\n * Fixed typo in vmware documentation fragment. Changed 'supported added' to 'support added'.\n Bugfixes:\n * All K8S_AUTH_* environment variables are now properly loaded by the k8s lookup plugin\n * Change backup file globbing for network _config modules so backing up one host's config will not delete the backed up config of any host whose hostname is a subset of the first host's hostname (e.g., switch1 and switch11)\n * Fixes bug where nios_a_record wasn't getting deleted if an uppercase named a_record was being passed. (https://github.com/ansible/ansible/pull/51539)\n * aci_aaa_user - Fix setting user description (https://github.com/ansible/ansible/issues/51406)\n * apt_repository - fixed failure under Python 3.7 (https://github.com/ansible/ansible/pull/47219)\n * archive - Fix check if archive is created in path to be removed\n * azure_rm inventory plugin - fix azure batch request (https://github.com/ansible/ansible/pull/50006)\n * cnos_backup - fixed syntax error (https://github.com/ansible/ansible/pull/47219)\n * cnos_image - fixed syntax error (https://github.com/ansible/ansible/pull/47219)\n * consul_kv - minor error-handling bugfix under Python 3.7 (https://github.com/ansible/ansible/pull/47219)\n * copy - align invocation in return value between check and normal mode\n * delegate_facts - fix to work properly under block and include_role (https://github.com/ansible/ansible/pull/51553)\n * docker_swarm_service - fix endpoint_mode and publish idempotency.\n * ec2_instance - Correctly adds description when adding a single ENI to the instance\n * ensure we have a XDG_RUNTIME_DIR, as it is not handled correctly by some privilege escalation configurations\n * file - Allow state=touch on file the user does not own https://github.com/ansible/ansible/issues/50943\n * fix ansible-pull hanlding of extra args, complex quoting is needed for inline JSON\n * fix ansible_connect_timeout variable in network_cli,netconf,httpapi and nxos_install_os timeout check\n * netapp_e_storagepool - fixed failure under Python 3.7 (https://github.com/ansible/ansible/pull/47219)\n * onepassword_facts - Fix an issue looking up some 1Password items which have a 'password' attribute alongside the 'fields' attribute, not inside it.\n * prevent import_role from inserting dupe into roles: execution when duplicate signature role already exists in the section.\n * reboot - Fix bug where the connection timeout was not reset in the same task after rebooting\n * ssh connection - do not retry with invalid credentials to prevent account lockout (https://github.com/ansible/ansible/issues/48422)\n * systemd - warn when exeuting in a chroot environment rather than failing (https://github.com/ansible/ansible/pull/43904)\n * win_chocolatey - Fix hang when used with proxy for the first time - https://github.com/ansible/ansible/issues/47669\n * win_power_plan - Fix issue where win_power_plan failed on newer Windows 10 builds - https://github.com/ansible/ansible/issues/43827\n\n- update to version 2.7.6\n Minor Changes:\n * Added documentation about using VMware dynamic inventory plugin.\n * Fixed bug around populating host_ip in hostvars in vmware_vm_inventory.\n * Image reference change in Azure VMSS is detected and applied correctly.\n * docker_volume - reverted changed behavior of force, which was released in Ansible 2.7.1 to 2.7.5, and Ansible 2.6.8 to 2.6.11. Volumes are now only recreated if the parameters changed and force is set to true (instead of or). This is the behavior which has been described in the documentation all the time.\n * set ansible_os_family from name variable in os-release\n * yum and dnf can now handle installing packages from URIs that are proxy redirects and don't end in the .rpm file extension\n Bugfixes:\n * Added log message at -vvvv when using netconf connection listing connection details.\n * Changes how ansible-connection names socket lock files. They now use the same name as the socket itself, and as such do not lock other attempts on connections to the same host, or cause issues with overly-long hostnames.\n * Fix mandatory statement error for junos modules (https://github.com/ansible/ansible/pull/50138)\n * Moved error in netconf connection plugin from at import to on connection.\n * This reverts some changes from commit 723daf3. If a line is found in the file, exactly or via regexp matching, it must not be added again. insertafter/insertbefore options are used only when a line is to be inserted, to specify where it must be added.\n * allow using openstack inventory plugin w/o a cache\n * callbacks - Do not filter out exception, warnings, deprecations on failure when using debug (https://github.com/ansible/ansible/issues/47576)\n * certificate_complete_chain - fix behavior when invalid file is parsed while reading intermediate or root certificates.\n * copy - Ensure that the src file contents is converted to unicode in diff information so that it is properly wrapped by AnsibleUnsafeText to prevent unexpected templating of diff data in Python3 (https://github.com/ansible/ansible/issues/45717)\n * correct behaviour of verify_file for vmware inventory plugin, it was always returning True\n * dnf - fix issue where conf_file was not being loaded properly\n * dnf - fix update_cache combined with install operation to not cause dnf transaction failure\n * docker_container - fix network_mode idempotency if the container:<container-name> form is used (as opposed to container:<container-id>) (https://github.com/ansible/ansible/issues/49794)\n * docker_container - warning when non-string env values are found, avoiding YAML parsing issues. Will be made an error in Ansible 2.8. (https://github.com/ansible/ansible/issues/49802)\n * docker_swarm_service - Document labels and container_labels with correct type.\n * docker_swarm_service - Document limit_memory and reserve_memory correctly on how to specify sizes.\n * docker_swarm_service - Document minimal API version for configs and secrets.\n * docker_swarm_service - fix use of Docker API so that services are not detected as present if there is an existing service whose name is a substring of the desired service\n * docker_swarm_service - fixing falsely reporting update_order as changed when option is not used.\n * document old option that was initally missed\n * ec2_instance now respects check mode https://github.com/ansible/ansible/pull/46774\n * fix for network_cli - ansible_command_timeout not working as expected (#49466)\n * fix handling of firewalld port if protocol is missing\n * fix lastpass lookup failure on python 3 (https://github.com/ansible/ansible/issues/42062)\n * flatpak - Fixed Python 2/3 compatibility\n * flatpak - Fixed issue where newer versions of flatpak failed on flatpak removal\n * flatpak_remote - Fixed Python 2/3 compatibility\n * gcp_compute_instance - fix crash when the instance metadata is not set\n * grafana_dashboard - Fix a pair of unicode string handling issues with version checking (https://github.com/ansible/ansible/pull/49194)\n * host execution order - Fix reverse_inventory not to change the order of the items before reversing on python2 and to not backtrace on python3\n * icinga2_host - fixed the issue with not working use_proxy option of the module.\n * influxdb_user - An unspecified password now sets the password to blank, except on existing users. This previously caused an unhandled exception.\n * influxdb_user - Fixed unhandled exception when using invalid login credentials (https://github.com/ansible/ansible/issues/50131)\n * openssl_* - fix error when path contains a file name without path.\n * openssl_csr - fix problem with idempotency of keyUsage option.\n * openssl_pkcs12 - now does proper path expansion for ca_certificates.\n * os_security_group_rule - os_security_group_rule doesn't exit properly when secgroup doesn't exist and state=absent (https://github.com/ansible/ansible/issues/50057)\n * paramiko_ssh - add auth_timeout parameter to ssh.connect when supported by installed paramiko version. This will prevent 'Authentication timeout' errors when a slow authentication step (>30s) happens with a host (https://github.com/ansible/ansible/issues/42596)\n * purefa_facts and purefb_facts now correctly adds facts into main ansible_fact dictionary (https://github.com/ansible/ansible/pull/50349)\n * reboot - add appropriate commands to make the plugin work with VMware ESXi (https://github.com/ansible/ansible/issues/48425)\n * reboot - add support for rebooting AIX (https://github.com/ansible/ansible/issues/49712)\n * reboot - gather distribution information in order to support Alpine and other distributions (https://github.com/ansible/ansible/issues/46723)\n * reboot - search common paths for the shutdown command and use the full path to the binary rather than depending on the PATH of the remote system (https://github.com/ansible/ansible/issues/47131)\n * reboot - use a common set of commands for older and newer Solaris and SunOS variants (https://github.com/ansible/ansible/pull/48986)\n * redfish_utils - fix reference to local variable 'systems_service'\n * setup - fix the rounding of the ansible_memtotal_mb value on VMWare vm's (https://github.com/ansible/ansible/issues/49608)\n * vultr_server - fixed multiple ssh keys were not handled.\n * win_copy - Fix copy of a dir that contains an empty directory - https://github.com/ansible/ansible/issues/50077\n * win_firewall_rule - Remove invalid 'bypass' action\n * win_lineinfile - Fix issue where a malformed json block was returned causing an error\n * win_updates - Correctly report changes on success\n\n- update to version 2.7.5\n Minor Changes:\n * Add warning about falling back to jinja2_native=false when Jinja2 version is lower than 2.10.\n * Change the position to search os-release since clearlinux new versions are providing /etc/os-release too\n * Fixed typo in ansible-galaxy info command.\n * Improve the deprecation message for squashing, to not give misleading advice\n * Update docs and return section of vmware_host_service_facts module.\n * ansible-galaxy: properly warn when git isn't found in an installed bin path instead of traceback\n * dnf module properly load and initialize dnf package manager plugins\n * docker_swarm_service: use docker defaults for the user parameter if it is set to null \n Bugfixes:\n * bsc#1118896 CVE-2018-16876 Information disclosure in vvv+ mode with no_log on (https://github.com/ansible/ansible/pull/49569)\n * ACME modules: improve error messages in some cases (include error returned by server).\n * Added unit test for VMware module_utils.\n * Also check stdout for interpreter errors for more intelligent messages to user\n * Backported support for Devuan-based distribution\n * Convert hostvars data in OpenShift inventory plugin to be serializable by ansible-inventory\n * Fix AttributeError (Python 3 only) when an exception occurs while rendering a template\n * Fix N3K power supply facts (https://github.com/ansible/ansible/pull/49150).\n * Fix NameError nxos_facts (https://github.com/ansible/ansible/pull/48981).\n * Fix VMware module utils for self usage.\n * Fix error in OpenShift inventory plugin when a pod has errored and is empty\n * Fix if the route table changed to none (https://github.com/ansible/ansible/pull/49533)\n * Fix iosxr netconf plugin response namespace (https://github.com/ansible/ansible/pull/49300)\n * Fix issues with nxos_install_os module for nxapi (https://github.com/ansible/ansible/pull/48811).\n * Fix lldp and cdp neighbors information (https://github.com/ansible/ansible/pull/48318)(https://github.com/ansible/ansible/pull/48087)(https://github.com/ansible/ansible/pull/49024).\n * Fix nxos_interface and nxos_linkagg Idempotence issue (https://github.com/ansible/ansible/pull/46437).\n * Fix traceback when updating facts and the fact cache plugin was nonfunctional\n * Fix using vault encrypted data with jinja2_native (https://github.com/ansible/ansible/issues/48950)\n * Fixed: Make sure that the files excluded when extracting the archive are not checked. https://github.com/ansible/ansible/pull/45122\n * Fixes issue where a password parameter was not set to no_log\n * Respect no_log on retry and high verbosity (CVE-2018-16876)\n * aci_rest - Fix issue ignoring custom port\n * acme_account, acme_account_facts - in some cases, it could happen that the modules return information on disabled accounts accidentally returned by the ACME server.\n * docker_swarm - decreased minimal required API version from 1.35 to 1.25; some features require API version 1.30 though.\n * docker_swarm_service: fails because of default 'user: root' (https://github.com/ansible/ansible/issues/49199)\n * ec2_metadata_facts - Parse IAM role name from the security credential field since the instance profile name is different\n * fix azure_rm_image module use positional parameter (https://github.com/ansible/ansible/pull/49394)\n * fixes an issue with dict_merge in network utils (https://github.com/ansible/ansible/pull/49474)\n * gcp_utils - fix google auth scoping issue with application default credentials or google cloud engine credentials. Only scope credentials that can be scoped.\n * mail - fix python 2.7 regression\n * openstack - fix parameter handling when cloud provided as dict https://github.com/ansible/ansible/issues/42858\n * os_user - Include domain parameter in user deletion https://github.com/ansible/ansible/issues/42901\n * os_user - Include domain parameter in user lookup https://github.com/ansible/ansible/issues/42901\n * ovirt_storage_connection - comparing passwords breaks idempotency in update_check (https://github.com/ansible/ansible/issues/48933)\n * paramiko_ssh - improve log message to state the connection type\n * reboot - use IndexError instead of TypeError in exception\n * redis cache - Support version 3 of the redis python library (https://github.com/ansible/ansible/issues/49341)\n * sensu_silence - Cast int for expire field to avoid call failure to sensu API.\n * vmware_host_service_facts - handle exception when service package does not have package name.\n * win_nssm - Switched to Argv-ToString for escaping NSSM credentials (https://github.com/ansible/ansible/issues/48728)\n * zabbix_hostmacro - Added missing validate_certs logic for running module against Zabbix servers with untrused SSL certificates (https://github.com/ansible/ansible/issues/47611)\n * zabbix_hostmacro - Fixed support for user macros with context (https://github.com/ansible/ansible/issues/46953)\n\n- update to version 2.7.4\n Bugfixes:\n * powershell - add lib/ansible/executor/powershell to the packaging data\n\n- update to version 2.7.3\n Minor Changes:\n * Document Path and Port are mutually exclusive parameters in wait_for module\n * Puppet module remove --ignorecache to allow Puppet 6 support\n * dnf properly support modularity appstream installation via overloaded group\n\tmodifier syntax\n * proxmox_kvm - fix exception\n * win_security_policy - warn users to use win_user_right instead when editing\n\tPrivilege Rights\n Bugfixes:\n * Fix the issue that FTD HTTP API retries authentication-related HTTP requests\n * Fix the issue that module fails when the Swagger model does not have required fields\n * Fix the issue with comparing string-like objects\n * Fix using omit on play keywords\n * Windows - prevent sensitive content from appearing in scriptblock logging (CVE-2018-16859)\n * apt_key - Disable TTY requirement in GnuPG for the module to work correctly \n\twhen SSH pipelining is enabled\n * better error message when bad type in config, deal with EVNAR= more gracefully\n * configuration retrieval would fail on non primed plugins\n * cs_template - Fixed a KeyError on state=extracted\n * docker_container - fix idempotency problems with docker-py caused by previous\n\tinit idempotency fix\n * docker_container - fix interplay of docker-py version check with argument_spec\n\tvalidation improvements\n * docker_network - driver_options containing Python booleans would cause Docker\n to throw exceptions\n * ec2_group - Fix comparison of determining which rules to purge by ignoring descriptions\n * pip module - fix setuptools/distutils replacement\n * sysvinit - enabling a service should use 'defaults' if no runlevels are specified\n\n- update to version 2.7.2\n Minor changes:\n * Fix documentation for cloning template\n * Parsing plugin filter may raise TypeError, gracefully handle this \n\texception and let user know about the syntax error in plugin filter file\n * Scenario guide for VMware HTTP API usage\n * Update plugin filter documentation\n * fix yum and dnf autoremove input sanitization to properly warn user if \n\tinvalid options passed and update documentation to match\n * improve readability and fix privileges names on vmware scenario_clone_template\n * k8s - updated module documentation to mention how to avoid SSL validation errors\n * yum - when checking for updates, now properly include Obsoletes \n\t(both old and new) package data in the module JSON output\n\n- update to 2.7.1\n Minor changes:\n * Fix yum module to properly check for empty conf_file value\n * added capability to set the scheme for the consul_kv lookup\n * added optional certificate and certificate validation for consul_kv lookups\n * dnf - properly handle modifying the enable/disable excludes data field\n * dnf appropriately handles disable_excludes repoid argument\n * dnf proerly honors disable_gpg_check for local package installation\n * fix yum module to handle list argument optional empty strings properly\n * netconf_config - Make default_operation optional in netconf_config module\n * yum - properly handle proxy password and username embedded in url\n * yum/dnf - fail when space separated string of names \n\n- update to 2.7.0\n Major changes:\n * Allow config to enable native jinja types\n * Remove support for simplejson\n * yum and dnf modules now at feature parity\n Minor changes:\n * Changed the prefix of all Vultr modules from vr to vultr\n * Enable installroot tests for yum4(dnf) integration testing, dnf backend now supports that\n * Fixed timer in exponential backoff algorithm in vmware.py\n Bugfixes:\n * Security Fix - avoid loading host/group vars from cwd when not specifying a playbook or playbook base dir\n * Security Fix - avoid using ansible.cfg in a world writable dir\n * Some connection exception would cause no_log specified on a task to be ignored (stdout info disclosure)\n * Fix glob path of rc.d (SUSE-specific)\n * Fix lambda_policy updates\n * Fix alt linux detection/matching\n \n\n- update to 2.6.4\n Minor Changes:\n * add azure_rm_storageaccount support to StorageV2 kind. \n * import_tasks - Do not allow import_tasks to transition to dynamic\n if the file is missing\n Bugfixes:\n * Add md5sum check in nxos_file_copy module\n * Allow arbitrary log_driver for docker_container\n * Fix Python2.6 regex bug terminal plugin nxos, iosxr\n * Fix check_mode in nxos_static_route module\n * Fix glob path of rc.d Some distribtuions like SUSE has the rc%.d\n directories under /etc/init.d\n * Fix network config diff issue for lines \n * Fixed an issue where ansible_facts.pkg_mgr would incorrectly set \n to zypper on Debian/Ubuntu systems that happened to have the \n command installed\n * The docker_* modules respect the DOCKER_* environment variables again\n * The fix for CVE-2018-10875 prints out a warning message about \n skipping a config file from a world writable current working directory.\n However, if the user is in a world writable current working directory \n which does not contain a config file, it should not print a warning \n message. This release fixes that extaneous warning.\n * To resolve nios_network issue where vendor-encapsulated-options \n can not have a use_option flag.\n * To resolve the issue of handling exception for Nios lookup gracefully.\n * always correctly template no log for tasks\n * ansible-galaxy - properly list all roles in roles_path\n * basic.py - catch ValueError in case a FIPS enabled platform \n raises this exception\n * docker_container: fixing working_dir idempotency problem \n * docker_container: makes unit parsing for memory sizes more consistent, \n and fixes idempotency problem when kernel_memory is set\n * fix example code for AWS lightsail documentation\n * fix the enable_snat parameter that is only supposed to be used by \n an user with the right policies.\n * fixes docker_container check and debug mode\n * improves docker_container idempotency\n * ios_l2_interface - fix bug when list of vlans ends with comma\n * ios_l2_interface - fix issue with certain interface types\n * ios_user - fix unable to delete user admin issue \n * ios_vlan - fix unable to work on certain interface types issue \n * nxos_facts test lldp feature and fix nxapi check_rc \n * nxos_interface port-channel idempotence fix for mode\n * nxos_linkagg mode fix \n * nxos_system idempotence fix\n * nxos_vlan refactor to support non structured output\n * one_host - fixes settings via environment variables\n * use retry_json nxos_banner\n * user - Strip trailing comments in /etc/default/passwd \n * user - when creating a new user without an expiration date, \n properly set no expiration rather that expirining the account\n * win_domain_computer - fixed deletion of computer active directory \n object that have dependent objects\n * win_domain_computer - fixed error in diff_support\n * win_domain_computer - fixed error when description parameter is empty \n * win_psexec - changed code to not escape the command option when building the args\n * win_uri -- Fix support for JSON output when charset is set\n * win_wait_for - fix issue where timeout doesn't wait unless state=drained\n\n- update to 2.6.3\n Bugfixes:\n * Fix lxd module to be idempotent when the given configuration for\n\tthe lxd container has not changed\n * Fix setting value type to str to avoid conversion during template\n\tread. Fix Idempotency in case of 'no key'.\n * Fix the mount module's handling of swap entries in fstab\n * The fix for (CVE-2018-10875) prints out a warning message about\n\tskipping a config file from a world writable current working\n\tdirectory. However, if the user explicitly specifies that the \n\tconfig file should be used via the ANSIBLE_CONFIG environment\n\tvariable then Ansible would honor that but still print out the\n\twarning message. This has been fixed so that Ansible honors the\n\tuser's explicit wishes and does not print a warning message in\n\tthat circumstance.\n * To fix the bug where existing host_record was deleted when existing\n\trecord name is used with different IP.\n * VMware handle pnic in proxyswitch\n * fix azure security group cannot add rules when purge_rule set to false.\n * fix azure_rm_deployment collect tags from existing Resource Group.\n * fix azure_rm_loadbalancer_facts list takes at least 2 arguments.\n * fix for the bundled selectors module (used in the ssh and local \n\tconnection plugins) when a syscall is restarted after being \n\tinterrupted by a signal\n * get_url - fix the bug that get_url does not change mode when checksum matches\n * nicer error when multiprocessing breaks\n * openssl_certificate - Convert valid_date to bytes for conversion\n * openstack_inventory.py dynamic inventory file fixed the plugin to the \n\tscript so that it will work with current ansible-inventory. Also \n redirect stdout before dumping the ouptput, because not doing so will\n\tcause JSON parse errors in some cases.\n * slack callback - Fix invocation by looking up data from cli.options\n * sysvinit module: handle values of optional parameters. Don't disable \n\tservice when enabled parameter isn't set. Fix command when arguments \n\tparameter isn't set.\n * vars_prompt - properly template play level variables in vars_prompt\n * win_domain - ensure the Netlogon service is up and running after \n\tpromoting host to controller\n * win_domain_controller - ensure the Netlogon service is up and running\n\tafter promoting host to controller\n\n- update to 2.6.2\n Minor Changes\n + Sceanrio guide for removing an existing virtual machine is added.\n + lineinfile - add warning when using an empty regexp \n + Restore module_utils.basic.BOOLEANS variable for backwards compatibility\n with the module API in older ansible releases.\n Bugfixes:\n + Includes fix for bsc#1099808 (CVE-2018-10875) ansible.cfg is being read\n from current working directory allowing possible code execution\n + Add text output along with structured output in nxos_facts \n + Allow more than one page of results by using the right pagination \n indicator ('NextMarker' instead of 'NextToken').\n + Fix an atomic_move error that is 'true', but misleading. \n Now we show all 3 files involved and clarify what happened.\n + Fix eos_l2_interface eapi.\n + Fix fetching old style facts in junos_facts module\n + Fix get_device_info nxos zero or more whitespace regex\n + Fix nxos CI failures\n + Fix nxos_nxapi default http behavior\n + Fix nxos_vxlan_vtep_vni\n + Fix regex network_os_platform nxos\n + Refactor nxos cliconf get_device_info for non structured \n output supported devices\n + To fix the NoneType error raised in ios_l2_interface when \n Access Mode VLAN is unassigned\n + emtpy host/group name is an error\n + fix default SSL version for docker modules\n + fix mail module when using starttls\n + fix nmap config example\n + fix ps detection of service\n + fix the remote tmp folder permissions issue when becoming a non \n admin user\n + fix typoe in sysvinit that breaks update.rc-d detection\n + fixes docker_container compatibilty with docker-py < 2.2\n + get_capabilities in nxapi module_utils should not return empty dictionary\n + inventory - When using an inventory directory, ensure extension \n comparison uses text types\n + ios_vlan - fix unable to identify correct vlans issue\n + nxos_facts warning message improved\n + openvswitch_db - make 'key' argument optional\n + pause - do not set stdout to raw mode when redirecting to a file\n + pause - nest try except when importing curses to gracefully fail \n if curses is not present\n + plugins/inventory/openstack.py - Do not create group with empty \n name if region is not set\n + preseve delegation info on nolog\n + remove ambiguity when it comes to 'the source'\n + remove dupes from var precedence\n + restores filtering out conflicting facts\n + user - fix bug that resulted in module always reporting a change when \n specifiying the home directory on FreeBSD\n + user - use correct attribute name in FreeBSD for creat_home\n + vultr - Do not fail trying to load configuration from ini files if \n required variables have been set as environment variables.\n + vyos_command correcting conditionals looping\n + win_chocolatey - enable TLSv1.2 support when downloading the \n Chocolatey installer \n + win_reboot - fix for handling an already scheduled reboot and other \n minor log formatting issues\n + win_reboot - fix issue when overridding connection timeout hung \n the post reboot uptime check\n + win_reboot - handle post reboots when running test_command \n + win_security_policy - allows an empty string to reset a policy value\n + win_share - discard any cmdlet output we don't use to ensure only the \n return json is received by Ansible\n + win_unzip - discard any cmdlet output we don't use to ensure only the \n return json is received by Ansible\n + win_updates - fixed module return value is lost in error in some cases\n + win_user - Use LogonUser to validate the password as it does not \n rely on SMB/RPC to be available\n + Security Fix - avoid loading host/group vars from cwd when not \n specifying a playbook or playbook base dir\n + Security Fix - avoid using ansible.cfg in a world writable dir.\n + Fix junos_config confirm commit timeout issue \n (https://github.com/ansible/ansible/pull/41527)\n + file module - The touch subcommand had its diff output broken during\n the 2.6.x development cycle. This is now fixed.\n + inventory manager - This fixes required options being populated before \n the inventory config file is read, so the required options may be \n set in the config file.\n + nsupdate - allow hmac-sha384 https://github.com/ansible/ansible/pull/42209\n + win_domain - fixes typo in one of the AD cmdlets \n https://github.com/ansible/ansible/issues/41536\n + win_group_membership - uses the internal Ansible SID conversion logic \n and uses that when comparing group membership instead of the name \n- use fdupes to save some space in python_sitelib\n- define BuildRoot on older distributions like SLE-11\n- be a bit more flexible with the ending of manpage files to allow\n Fedora builds to succeed\n- includes fix for bsc#1099805 (CVE-2018-10874) Inventory\n variables are loaded from current working directory when\n running ad-hoc command that can lead to code execution\n (included upstream in 2.6.1).\n\n- revert some unneeded changes from spec-cleaner\n\n- updated to latest release 2.6.0 \n- New Plugins:\n + Callback: \n - cgroup_memory_recap\n - grafana_annotations\n - sumologic\n + Connection:\n - httpapi\n + Inventory:\n - foreman\n - gcp_compute\n - generator\n - nmap\n + Lookup:\n - onepassword\n - onepassword_raw\n- Modules updates too many to mention here\n please look at package documentation directory (/usr/share/doc/packages/.../changelogs)\n- bug fixes:\n - **Security Fix** - Some connection exceptions would cause no_log\n specified on a task to be ignored. If this happened, the task information,\n including any private information coul d have been displayed to stdout and\n (if enabled, not the default) logged to a log file specified in\n ansible.cfg's log_path. Additionally, sites which redirected stdout from\n ansible runs to a log file may have stored that private information onto\n disk that way as well. (https://github.com/ansible/ansible/pull/41414)\n - Changed the admin_users config option to not include 'admin' by default\n as admin is frequently used for a non-privileged account\n (https://github.com/ansible/ansible/pull/41164)\n - Changed the output to 'text' for 'show vrf' command as default 'json'\n output format with respect to 'eapi' transport was failing\n (https://github.com/ansible/ansible/pull/41470)\n - Document mode=preserve for both the copy and template module\n - Fix added for Digital Ocean Volumes API change causing Ansible to\n recieve an unexpected value in the response. \n (https://github.com/ansible/ansible/pull/41431)\n - Fix an encoding issue when parsing the examples from a plugins'\n documentation\n - Fix iosxr_config module to handle route-policy, community-set,\n prefix-set, as-path-set and rd-set blocks. All these blocks are part of\n route-policy language of iosxr.\n - Fix mode=preserve with remote_src=True for the copy module\n - Implement mode=preserve for the template module\n - The yaml callback plugin now allows non-ascii characters to be\n displayed.\n - Various grafana_* modules - Port away from the deprecated\n b64encodestring function to the b64encode function instead. \n https://github.com/ansible/ansible/pull/38388\n - added missing 'raise' to exception definition\n https://github.com/ansible/ansible/pull/41690\n - allow custom endpoints to be used in the aws_s3 module\n (https://github.com/ansible/ansible/pull/36832)\n - allow set_options to be called multiple times\n https://github.com/ansible/ansible/pull/41913\n - ansible-doc - fixed traceback on missing plugins\n (https://github.com/ansible/ansible/pull/41167)\n - cast the device_mapping volume size to an int in the ec2_ami module\n (https://github.com/ansible/ansible/pull/40938)\n - copy - fixed copy to only follow symlinks for files in the non-recursive case\n - copy module - The copy module was attempting to change the mode of files\n for remote_src=True even if mode was not set as a parameter. This\n failed on filesystems which do not have permission bits\n (https://github.com/ansible/ansible/pull/40099)\n - copy module - fixed recursive copy with relative paths\n (https://github.com/ansible/ansible/pull/40166)\n - correct debug display for all cases\n https://github.com/ansible/ansible/pull/41331\n - correctly check hostvars for vars term\n https://github.com/ansible/ansible/pull/41819\n - correctly handle yaml inventory files when entries are null dicts\n https://github.com/ansible/ansible/issues/41692\n - dynamic includes - Allow inheriting attributes from static parents\n (https://github.com/ansible/ansible/pull/38827)\n - dynamic includes - Don't treat undefined vars for conditional includes\n as truthy (https://github.com/ansible/ansible/pull/39377)\n - dynamic includes - Fix IncludedFile comparison for free strategy\n (https://github.com/ansible/ansible/pull/37083)\n - dynamic includes - Improved performance by fixing re-parenting on copy\n (https://github.com/ansible/ansible/pull/38747)\n - dynamic includes - Use the copied and merged task for calculating task\n vars (https://github.com/ansible/ansible/pull/39762)\n - file - fixed the default follow behaviour of file to be true\n - file module - Eliminate an error if we're asked to remove a file but\n something removes it while we are processing the request\n (https://github.com/ansible/ansible/pull/39466)\n - file module - Fix error when recursively assigning permissions and a\n symlink to a nonexistent file is present in the directory tree\n (https://github.com/ansible/ansible/issues/39456)\n - file module - Fix error when running a task which assures a symlink to a\n nonexistent file exists for the second and subsequent times\n (https://github.com/ansible/ansible/issues/39558)\n - file module - The file module allowed the user to specify src as a\n parameter when state was not link or hard. This is documented as only\n applying to state=link or state=hard but in previous Ansible, this could\n have an effect in rare cornercases. For instance, 'ansible -m file -a\n 'state=directory path=/tmp src=/var/lib'' would create /tmp/lib. This\n has been disabled and a warning emitted (will change to an error in\n Ansible-2.10).\n - file module - The touch subcommand had its diff output broken during the\n 2.6.x development cycle. This is now fixed\n (https://github.com/ansible/ansible/issues/41755)\n - fix BotoCoreError exception handling\n - fix apt-mark on debian6 (https://github.com/ansible/ansible/pull/41530)\n - fix async for the aws_s3 module by adding async support to the action\n plugin (https://github.com/ansible/ansible/pull/40826)\n - fix decrypting vault files for the aws_s3 module\n (https://github.com/ansible/ansible/pull/39634)\n - fix errors with S3-compatible APIs if they cannot use ACLs for buckets\n or objects\n - fix permission handling to try to download a file even if the user does\n not have permission to list all objects in the bucket\n - fixed config required handling, specifically for _terms in lookups\n https://github.com/ansible/ansible/pull/41740\n - gce_net - Fix sorting of allowed ports\n (https://github.com/ansible/ansible/pull/41567)\n - group_by - support implicit localhost\n (https://github.com/ansible/ansible/pull/41860)\n - import/include - Ensure role handlers have the proper parent, allowing\n for correct attribute inheritance\n (https://github.com/ansible/ansible/pull/39426)\n - import_playbook - Pass vars applied to import_playbook into parsing of\n the playbook as they may be needed to parse the imported plays\n (https://github.com/ansible/ansible/pull/39521)\n - include_role/import_role - Don't overwrite included role handlers with\n play handlers on parse (https://github.com/ansible/ansible/pull/39563)\n - include_role/import_role - Fix parameter templating\n (https://github.com/ansible/ansible/pull/36372)\n - include_role/import_role - Use the computed role name for\n include_role/import_role so to diffentiate between names computed from\n host vars (https://github.com/ansible/ansible/pull/39516)-\n include_role/import_role - improved performance and recursion depth\n (https://github.com/ansible/ansible/pull/36470)\n - lineinfile - fix insertbefore when used with BOF to not insert duplicate\n lines (https://github.com/ansible/ansible/issues/38219)\n - password lookup - Do not load password lookup in network filters,\n allowing the password lookup to be overriden\n (https://github.com/ansible/ansible/pull/41907)\n - pause - ensure ctrl+c interrupt works in all cases\n (https://github.com/ansible/ansible/issues/35372)\n - powershell - use the tmpdir set by `remote_tmp` for become/async tasks\n instead of the generic $env:TEMP -\n https://github.com/ansible/ansible/pull/40210\n - selinux - correct check mode behavior to report same changes as normal\n mode (https://github.com/ansible/ansible/pull/40721)\n - spwd - With python 3.6 spwd.getspnam returns PermissionError instead of\n KeyError if user does not have privileges\n (https://github.com/ansible/ansible/issues/39472)\n - synchronize - Ensure the local connection created by synchronize uses\n _remote_is_local=True, which causes ActionBase to build a local tmpdir\n (https://github.com/ansible/ansible/pull/40833)\n - template - Fix for encoding issues when a template path contains\n non-ascii characters and using the template path in ansible_managed\n (https://github.com/ansible/ansible/issues/27262)\n - template action plugin - fix the encoding of filenames to avoid\n tracebacks on Python2 when characters that are not present in the user's\n locale are present. (https://github.com/ansible/ansible/pull/39424)\n - user - only change the expiration time when necessary\n (https://github.com/ansible/ansible/issues/13235)\n - uses correct conn info for reset_connection\n https://github.com/ansible/ansible/issues/27520\n - win_environment - Fix for issue where the environment value was deleted\n when a null value or empty string was set -\n https://github.com/ansible/ansible/issues/40450\n - win_file - fix issue where special chars like [ and ] were not being\n handled correctly https://github.com/ansible/ansible/pull/37901\n - win_get_url - fixed a few bugs around authentication and force no when\n using an FTP URL\n - win_iis_webapppool - redirect some module output to null so Ansible can\n read the output JSON https://github.com/ansible/ansible/issues/40874\n - win_template - fix when specifying the dest option as a directory with\n and without the trailing slash\n https://github.com/ansible/ansible/issues/39886\n - win_updates - Added the ability to run on a scheduled task for older\n hosts so async starts working again -\n https://github.com/ansible/ansible/issues/38364\n - win_updates - Fix logic when using a whitelist for multiple updates\n - win_updates - Fix typo that hid the download error when a download\n failed\n - win_updates - Fixed issue where running win_updates on async fails\n without any error\n - windows become - Show better error messages when the become process fails\n - winrm - Add better error handling when the kinit process fails\n - winrm - allow `ansible_user` or `ansible_winrm_user` to override\n `ansible_ssh_user` when both are defined in an inventory -\n https://github.com/ansible/ansible/issues/39844\n - winrm - ensure pexpect is set to not echo the input on a failure and have\n a manual sanity check afterwards\n https://github.com/ansible/ansible/issues/41865\n - winrm connection plugin - Fix exception messages sometimes raising a\n traceback when the winrm connection plugin encounters an unrecoverable\n error. https://github.com/ansible/ansible/pull/39333\n - xenserver_facts - ensure module works with newer versions of XenServer\n (https://github.com/ansible/ansible/pull/35821)\n\n- use python3 on (open)SUSE 15 or newer\n\n- Update to 2.5.5\n - Fixed the honouration of the no_log option with failed task iterations\n (CVE-2018-10855 boo#1097775)\n - Bufixes:\n - Changed the admin_users config option to not include 'admin' by default\n as admin is frequently used for a non-privileged account\n - aws_s3 - add async support to the action plugin\n - aws_s3 - fix decrypting vault files\n - ec2_ami - cast the device_mapping volume size to an int\n - eos_logging - fix idempotency issues\n - cache plugins - A cache timeout of 0 means the cache will not expire.\n - ios_logging - fix idempotency issues\n - ios/nxos/eos_config - don't retrieve config in running_config when config is provided for diff\n - nxos_banner - fix multiline banner issue\n - nxos terminal plugin - fix output truncation\n - nxos_l3_interface - fix no switchport issue with loopback and svi interfaces\n - nxos_snapshot - fix compare_option\n- Applied spec-cleaner\n\n- Update to 2.5.1\n Minor Changes\n + Updated example in vcenter_license module.\n + Updated virtual machine facts with instanceUUID which is unique \n for each VM irrespective of name and BIOS UUID.\n + A lot of Bugfixes, please refer to the Changelog installed in \n /usr/share/doc/packages/ansible/changelogs/CHANGELOG-v2.5.rst\n\n- Update to 2.5.0:\n Major Changes\n * Ansible Network improvements\n + Created new connection plugins network_cli and netconf to replace\n connection=local. connection=local will continue to work for a\n number of Ansible releases.\n + No more unable to open shell. A clear and descriptive message will \n be displayed in normal ansible-playbook output without needing to enable debug mode\n + Loads of documentation, see Ansible for Network Automation Documentation.\n + Refactor common network shared code into package under module_utils/network/\n + Filters: Add a filter to convert XML response from a network device to JSON object.\n + Loads of bug fixes.\n + Plus lots more.\n * New simpler and more intuitive 'loop' keyword for task loops. The \n with_<lookup> loops will likely be deprecated in the near future \n and eventually removed.\n * Added fact namespacing; from now on facts will be available under \n ansible_facts namespace (for example: ansible_facts.os_distribution) \n without the ansible_ prefix. They will continue to be added into the \n main namespace directly, but now with a configuration toggle to enable\n this. This is currently on by default, but in the future it will default to off.\n * Added a configuration file that a site administrator can use to \n specify modules to exclude from being used.\n Minor Changes\n * please refer to /share/doc/packages/ansible/changelogs/CHANGELOG-v2.5.rst\n Deprecated Features\n * Previously deprecated 'hostfile' config settings have been 're-deprecated' \n because previously code did not warn about deprecated configuration settings.\n * Using Ansible-provided Jinja tests as filters is deprecated and will \n be removed in Ansible 2.9.\n * The stat and win_stat modules have deprecated get_md5 and the md5 return\n values. These options will become undocumented in Ansible 2.9 and \n removed in a later version.\n * The redis_kv lookup has been deprecated in favor of new redis lookup\n * Passing arbitrary parameters that begin with HEADER_ to the uri module, \n used for passing http headers, is deprecated. Use the headers parameter \n with a dictionary of header names to value instead. \n This will be removed in Ansible 2.9\n * Passing arbitrary parameters to the zfs module to set zfs properties is \n deprecated. Use the extra_zfs_properties parameter with a dictionary of\n property names to values instead. This will be removed in Ansible 2.9.\n * Use of the AnsibleModule parameter check\\_invalid\\_arguments in custom\n modules is deprecated. In the future, all parameters will be checked to \n see whether they are listed in the arg spec and an error raised if they \n are not listed. This behaviour is the current and future default so most \n custom modules can simply remove check\\_invalid\\_arguments if they set it \n to the default value of True. The check\\_invalid\\_arguments parameter \n will be removed in Ansible 2.9.\n * The nxos_ip_interface module is deprecated in Ansible 2.5. \n Use nxos_l3_interface module instead.\n * The nxos_portchannel module is deprecated in Ansible 2.5. \n Use nxos_linkagg module instead.\n * The nxos_switchport module is deprecated in Ansible 2.5. \n Use nxos_l2_interface module instead.\n * The ec2_ami_find has been deprecated; use ec2_ami_facts instead.\n * panos_security_policy: Use panos_security_rule - the old module uses \n deprecated API calls\n * vsphere_guest is deprecated in Ansible 2.5 and will be removed in \n Ansible-2.9. Use vmware_guest module instead.\n Removed Features (previously deprecated)\n * accelerate.\n * boundary_meter: There was no deprecation period for this but the hosted \n service it relied on has gone away so the module has been removed. #29387\n * cl_ : cl_interface, cl_interface_policy, cl_bridge, cl_img_install, \n cl_ports, cl_license, cl_bond. Use nclu instead\n * docker. Use docker_container and docker_image instead.\n * ec2_vpc.\n * ec2_ami_search, use ec2_ami_facts instead.\n * nxos_mtu. Use nxos_system's system_mtu option instead. \n To specify an interface's MTU use nxos_interface.\n * panos_nat_policy: Use panos_nat_rule the old module uses\n deprecated API calls\n- also package the changelogs directory below \n /usr/share/doc/packages/ansible/ for better reference\n\n- License changed to GPL-3.0-or-later, as mentioned in the source\n (former license focues on GPL-3.0 only)\n\n- Add python-passlib as Requires (bsc#1080682)\n passlib is needed for the 'vars_prompt' feature of ansible\n\n- Update to version 2.4.3.0:\n * Fix `pamd` rule args regexp to match file paths.\n * Check if SELinux policy exists before setting.\n * Set locale to `C` in `letsencrypt` module to fix date parsing\n errors.\n * Fix include in loop when stategy=free.\n * Fix save parameter in asa_config.\n * Fix --vault-id support in ansible-pull.\n * In nxos_interface_ospf, fail nicely if loopback is used with\n passive_interface.\n * Fix quote filter when given an integer to quote.\n * nxos_vrf_interface fix when validating the interface.\n * Fix for win_copy when sourcing files from an SMBv1 share.\n * correctly report callback plugin file.\n * restrict revaulting to vault cli.\n * Fix python3 tracebacks in letsencrypt module.\n * Fix ansible_*_interpreter variables to be templated prior to\n being used.\n * Fix setting of environment in a task that uses a loop\n * Fix fetch on Windows failing to fetch files or particular\n block size.\n * preserve certain fields during no log.\n * fix issue with order of declaration of sections in ini\n inventory.\n * Fix win_iis_webapppool to correctly stop a apppool.\n * Fix CloudEngine host failed.\n * Fix ios_config save issue.\n * Handle vault filenames with nonascii chars when displaying\n messages.\n * Fix win_iis_webapppool to not return passwords.\n * Fix extended file attributes detection and changing.\n * correctly ensure 'ungrouped' membership rules.\n * made warnings less noisy when empty/no inventory is supplied.\n * Fixes a failure which prevents to create servers in module\n cloudscale_server.\n * Fix win_firewall_rule 'Specified cast is invalid' error when\n modifying a rule with all of Domain/Public/Private profiles set.\n * Fix case for multilib when installing from a file in the yum\n module.\n * Fix WinRM parsing/escaping of IPv6 addresses.\n * Fix win_package to detect MSI regardless of the extension case.\n * Updated win_mapped_drive docs to clarify what it is used for.\n * Fix file related modules run in check_mode when the file being\n operated on does not exist.\n * Make eos_vlan idempotent.\n * Fix win_iis_website to properly check attributes before setting.\n * Fixed the removal date for ios_config save and force parameters.\n * cloudstack: fix timeout from ini config file being ignored.\n * fixes memory usage issues with many blocks/includes.\n * Fixes maximum recursion depth exceeded with include_role.\n * Fix to win_dns_client module to take ordering of DNS servers to\n resolve into account.\n * Fix for the nxos_banner module where some nxos images nest the\n output inside of an additional dict.\n * Fix failure message 'got multiple values for keyword argument\n id' in the azure_rm_securitygroup module (caused by changes to\n the azure python API).\n * Bump Azure storage client minimum to 1.5.0 to fix\n deserialization issues.\n This will break Azure Stack until it receives storage API\n version 2017-10-01 or changes are made to support multiple\n versions.\n * Flush stdin when passing the become password. Fixes some cases\n of timeout on Python 3 with the ssh connection plugin.\nupdate to version v2.4.2.0:\n * lock azure containerservice to below 2.0.0\n * ovirt_host_networks: Fix label assignment\n * Fix vault --ask-vault-pass with no tty (#31493)\n * cherry-pick changes of azure_rm_common from devel to 2.4 (#32607)\n * Fixes #31090. In network parse_cli filter plugin, this change moves the creation of a (#31092) (#32458)\n * Use an abspath for network inventory ssh key path.\n * Remove toLower on source (#31983)\n * Add k8s_common.py logging fixes to the changelog\n * inserts enable cmd hash with auth_pass used (#32107)\n * Fix exception upon display.warn() (#31876)\n * ios_system: Fix typo in unit test (#32284)\n * yum: use the C locale when screen scraping (#32203)\n * Use region derived from get_aws_connection_info() in dynamodb_table to fix tagging bug (#32557)\n * fix item var in delegation (#32986)\n * Add changelog entry for elb_application_lb fix\n * Add a validate example to blockinfile. (#32088)\n * Correct formatting --arguments (#31808)\n * Add changelog for URI/get_url fix\n * [cloud] Bugfix for aws_s3 empty directory creation (#32198)\n * Fix junos integration test fixes as per connection refactor (#33050) (#33055)\n * Update win_copy for #32677 (#32682)\n * ios_interface testfix (#32381)\n * Add proper check mode support to the script module (#31852)\n * Add galaxy --force fix to changelog\n * Fix non-ascii errors in config manager\n * Add python3 urllib fixes to changelog\n * Add changelog entry for the stdin py3 fix\n * Update version info for the 2.4.2 release\n * Add max_fail_percentage fix to changelog\n * Changelog entry for script inventory plugin fix.\n * Make RPM spec compatible with RHEL 6 (#31653)\n * Add changelog entry for the yum locale fix\n * Use vyos/1.1.8 in CI.\n * Fix patching to epel package\n * Pass proper error value to to_text (#33030)\n * Fix and re-enable zypper* integration tests in CI.\n * avoid chroot paths (#32778)\n * Add changelog entry for inventory nonascii paths fix\n * Fix ios_config integration test failures (#32959) (#32970)\n * Fix ios_config file prompt issue (#32744) (#32780)\n * Mdd module unit test docs (#31373)\n * dont add all group vars to implicit on create\n * Fix nxos_banner removal idempotence issue in N1 images (#31259)\n * Clarify the release and maintenance cycle (#32402)\n * Add ansible_distribution_major_version to macOS (#31708)\n * Docs (#32718)\n * Keep newlines when reading LXC container config file (#32219)\n * Updated changelog for vmware logon error handling\n * New release v2.4.2.0-0.2.beta2\n * added doc notes about vars plugins in precedence\n * revert module_utils/nxos change from #32846 (#32956)\n * [cloud] add boto3 requirement to `cloudformation` module docs (#31135)\n * Fixes #31056 (#31057)\n * - Fix logging module issue where facility is being deleted along with host (#32234)\n * Get the moid in a more failsafe manner (#32671)\n * Integration Tests only: add static route, snmp_user, snapshot and hsrp it cases (#28933)\n * Add the change to when we escape backslashes (for the template lookup plugin) to changelog\n * correctly deal with changed (#31812)\n * Add the template lookup escaping to the 2.4 porting guide (#32760)\n * tests for InventoryModule error conditions (#31381)\n * Disable pylint rules for stable-2.4.\n * fix typo\n * Enable TLS1.1 and TLS1.2 for win_package (#32184)\n * Add remove host fix to changelog\n * ios_interface provider issue testfix (#32335)\n * win_service: quoted path fix (#32469)\n * Add changes to succeeded/failed tests to the 2.4 porting guide (#33201)\n * Run OS X tests in 3 groups in CI.\n * ini inventory: document value parsing workaround\n * Change netconf port in testcase as per test enviornment (#32883) (#32889)\n * fix inventory loading for ansible-doc\n * jsonify inventory (#32990)\n * firewalld: don't reference undefined variable in error case (#31949)\n * change ports to non well known ports and drop time_range for N1 (#31261)\n * make vars only group declarations an error\n * Add changelog for os_floating_ip fix\n * Fix example on comparing master config (#32406)\n * py2/py3 safer shas on hostvars (#31788)\n * ensure we always have a basedir\n * Add missing ansible-test --remote-terminate support. (#32918)\n * Use show command to support wider platform set for nxos_interface module (#33037)\n * ios_logging: change IOS command pipe to section to include (#33100) (#33116)\n * win_find: allow module to skip on files it fails to check (#32105)\n * New release v2.4.2.0-0.4.beta4\n * multiple nxos fixes (#32905)\n * Add changelog entry for git archive fix\n * Add changelog entries for a myriad of 2.4.2 bugfixes\n * iosxr integration testfix (#32344)\n * Fix #31694: running with closed stdin on python 3 (#31695)\n * Add eos_user fix to changelog\n * updated changelog with win_find fix\n * Added urls python3 fix to changelog\n * [cloud] Support changeset_name parameter on CloudFormation stack create (#31436)\n * use configured ansible_shell_executable\n * New release v2.4.2.0-0.3.beta3\n * Fix ec2_lc failing to create multi-volume configurations (#32191)\n * Changelog win_package TLS fix\n * Fix wrong prompt issue for network modules (#32426) (#32442)\n * New release v2.4.2.0-0.1.beta1\n * Exclude stack policy when running in check mode.\n * change inventory_hostname to ansible_host to fix test (#32890) (#32891)\n * Add azure_rm_acs check mode fix\n * Updated changelog for win_copy fix\n * corrected package docs\n * make sure patterns are strings\n * Add more bugfixes to changelog\n * Fix junos netconf port issue in integration test (#32610) (#32668)\n * fixed .loads error for non decoded json in Python 3 (#32065)\n * nxos_config and nxos_facts - fixes for N35 platform. (#32762) (#32875)\n * Add changelog entry for #32219\n * Remove provider from ios integration test (#31037) (#32230)\n * added note about serial behaviour (#32461)\n * Fixes ios_logging unit test (#32240)\n * Avoid AttributeError: internal_network on os_floating_ip (#32887)\n * use to_str instead of json.dumps when serializing k8s object for logging\n * Prefer the stdlib SSLContext over urllib3 context\n * git: fix archive when update is set to no (#31829)\n * Add elb_target_group port fix to the changelog\n * Changelog entry for aws_s3 issue #32144\n * Add error handling for user login (#32613)\n * Move asa provider to suboptions (#32356)\n * fix dci failure nxos (#32877) (#32878)\n * Add inventory jsonification to the changelog\n * eos_eapi: adding the desired state config to the new vrf fixes #32111 (#32112) (#32452)\n * Handle ip name-server lines containing multiple nameservers (#32235) (#32373)\n * Remove provider from prepare_ios_tests integration test (#31038)\n * Add last minute bugfixes and doc updates for rc1\n * Fix snmp bugs on Nexus 3500 platform (#32773) (#32847)\n * validate that existing dest is valid directory\n * Update the release data for 2.4.1 in the changelog\n * add check mode for acs delete (#32063)\n * More fixes added to changelog\n * Add wait_for fix to the changelog\n * removed psobject to hashtables that were missed (#32710)\n * wait_for: treat broken connections as 'unready' (#28839)\n * Return all elements in a more robust way\n * fix ios_interface test (#32372)\n * Add missing packages to default docker image.\n * fix nxos_igmp_snooping (#31688)\n * - Fix to return error message back to the module. (#31035)\n * Ensure that readonly result members are serialized (#33170)\n * Keywords docs (#32807)\n * remove hosts from removed when rescuing\n * Add panos_security_rule docs typo fix to changelog\n * Update vyos completion in network.txt.\n * move to use ansible logging\n * ovirt_clusters: Fix fencing and kuma comparision\n * Documentation typo fixes (#32473)\n * [fix] issue #30516 : take care about autoremove in upgrade function\n * Enable ECHO in prompt module (#32083)\n * calculate max fail against all hosts in batch\n * Fix urlparse import for Python3 (#31240)\n * Bunch of changelog updates for cherry-picks\n * restore hostpattern regex/glob behaviour\n * Better handling of malformed vault data envelope (#32515)\n * Updated changelog regarding win_service quoted path fix\n * nxos_interface error handling (#32846)\n * An availability zone will be selected if none is provided. Set az to an empty string if it's None to avoid traceback. (#32216)\n * Use to_native when validating proxy result (#32596)\n * vmware_guest: refactor spec serialization (#32681)\n * Add new default Docker container for ansible-test. (#31944)\n * warn on bad keys in group\n * NXOS: Integration tests to Ansible (part 3) (#29030)\n * Add spec file fix to changelog\n * eos_user testfix (#32264)\n * iam.py: return iam.role dict when creating roles (#28964)\n * Add networking bug fixes to changelog (#32201)\n * [cloud] sns_topic: Fix unreferenced variable\n * Fix service_mgr fact collection (#32086)\n * Fix include_role unit tests (#31920)\n * Updated changelog for win_iis_* modules things\n * handle ignore_errors in loop\n * adjust nohome param when using luser\n * better cleanup on task results display (#27175)\n * Improve python 2/3 ABC fallback for pylint. (#31848)\n * fix html formatting\n * Add ansible_shell_executable fix to changelog\n * Move resource pool login to a separate function and fix undefined var reference (#32674)\n * Update ansible-test sanity command. (#31958)\n * ios_ping test fix (#32342)\n * fix CI failure yaml syntax (#32374)\n * Scan group_vars/host_vars in sorted order\n * luseradd defaults to creating w/o need for -m (#32411)\n * Integration Tests only: nxos_udld, nxos_udld_interface, nxos_vxlan_vtep_vni (#29143) (#32962)\n * Fix: modifying existing application lb using certificates now properly sets certificates (#28217)\n * ios_logging: Fix some smaller issues, add unit test (#32321)\n * Fix nxos_snmp_host bug (#32916) (#32958)\n * ovirt_hosts: Don't fail upgrade when NON_RESPONSIVE state\n * ini plugin should recursively instantiate pending\n * eos_user: sends user secret first on user creation fixes #31680 (#32162)\n * Cast target port to an int in elb_target_group. Fixes #32098 (#32202)\n * New release v2.4.2.0-0.5.rc1\n * remove misleading group vars as they are flat (#32276)\n * Fix typo\n * Avoid default inventory proccessing for pull (#32135)\n * Fix ansible-test default image. (#31966)\n * removed superfluous `type` field from RecordSet constructor (#33167)\n * Update k8s_common.py\n * Add ios_logging fixes to changelog 2.4.2beta2 (#32447)\n * Revert 'Removed a force conditional (#28851)' (#32282)\n * Add new documentation on writing unittests to the changelog\n * Fix ansible-test race calling get_coverage_path.\n * New release v2.4.2.0-1\n- update to 2.3.2.0 (final) - bsc#1059235\n- update to 2.3.1 RC1 (package version 2.3.0.1) (bsc#1056094):\n as 'unsafe'. bsc#1038785\n * SECURITY (MODERATE): fix for CVE-2017-7466, which finally fixes\n an arbitrary command execution vulnerability\n- security update to rc4 of 2.2.1.0 version CVE-2016-9587,\n CVE-2016-8628, CVE-2016-8614, CVE-2016-8647, CVE-2016-9587\n (bsc#1008037, bsc#1008038, bsc#1010940, bsc#1019021)\n\nChanges in ardana-ansible:\n- Update to version 8.0+git.1596735237.54109b1:\n * Update the Swift XFS inode size check (SOC-10300)\n\n- Update to version 8.0+git.1596204601.75b0e4e:\n * Fix upgrade validations Keystone V3 check target (SOC-10300)\n\nChanges in ardana-cinder:\n- Update to version 8.0+git.1596129856.263f430:\n * Install python-swiftclient as cinder-backup dependency (SOC-11364)\n\nChanges in ardana-glance:\n- Update to version 8.0+git.1593631779.76fa9b7:\n * Idempotent cirros image upload to glance (SOC-11342)\n\nChanges in ardana-mq:\n- Update to version 8.0+git.1593618123.678c32b:\n * Ensure epmd.service started/stopped independent of rabbitmq (SOC-6780)\n\nChanges in ardana-nova:\n- Update to version 8.0+git.1601298847.dd01585:\n * restore ram_weight_multiplier to default (bsc#1123561)\n * enable all weigher classes by default (bsc#1123561)\n\n- Update to version 8.0+git.1595857666.cf6b4a9:\n * Correction for (bsc#1174242)\n\n- Update to version 8.0+git.1595356665.56726ed:\n * Disable nova-consoleauth monasca process check (bsc#1174242)\n\nChanges in ardana-osconfig:\n- Update to version 8.0+git.1595885113.93abcbc:\n * Enable SLE12 SP3 LTSS for SMT deployments (SOC-11223)\n\nChanges in crowbar-core:\n- Update to version 5.0+git.1600432272.b3ad722f0:\n * provisioner: check for client_user (SOC-11389)\n * upgrade: Allow transition from crowbar_upgrade to reboot (trivial)\n\n- Update to version 5.0+git.1600352887.1e23b8015:\n * Ignore CVE-2020-15169 (SOC-11391)\n\n- Update to version 5.0+git.1594898401.caf0b325c:\n * crowbar: Also add access to /restricted/ in SSL vhost (SOC-11352)\n\n- Update to version 5.0+git.1593779118.8362c57e5:\n * crowbar: Allow hardware-installing -> discovering transition (noref)\n * crowbar: Add Restricted controller with API for restricted clients (bsc#1117080)\n * crowbar: Add complete list of states to Crowbar::State (noref)\n * provisioner: Remove the need for /updates/parse_node_data (noref)\n * crowbar: Create helper module to validate states (noref)\n * provisioner: Use new restricted API (bsc#1117080)\n * provisioner: Do not read /etc/crowbar.install.key from crowbar_joi (bsc#1117080)\n * provisioner: Remove use of privileged user for Windows machine (bsc#1117080)\n * provisioner: Use restricted client during provisioning (bsc#1117080)\n * provisioner: Use restricted client for crowbar_register (bsc#1117080)\n * provisioner: Drop /etc/crowbar.install.key bits from autoyast prof (bsc#1117080)\n * Avoid hardcoding machine-install user (bsc#1117080)\n * crowbar: Restrict admin access (bsc#1117080)\n\nChanges in crowbar-openstack:\n- Update to version 5.0+git.1599037158.5c4d07480:\n * horizon: Update configuration for Grafana 5.x\n\nChanges in documentation-suse-openstack-cloud:\n- Update to version 8.20201007:\n * reveresed step8 and 9 in PTF installation (SOC-10616)\n * Modified the PTF install instructions as per the (SOC-10616)\n\n- Update to version 8.20200904:\n * Clarify reboot instructions during update workflow (SOC-11386)\n\n- Update to version 8.20200921:\n * replacd postgreSQL to MariaDB as per comments4 and 5 in ticket (SOC-11000)\n\n- Update to version 8.20200424:\n * Update ESX documentation for DVS creation (bsc#1142121)\n * Fix table issues\n\nChanges in grafana:\n- BuildRequire go1.14 explicitly \n\n- Add recompress source service\n- Add go_modules source service to create vendor.tar.gz\n containing 3rd party go modules.\n- Adjust spec to work for Grafana-6.7.4\n- Adjust Makefile to work for Grafana-6.7.4\n- Remove CVE-2019-15043.patch (merged upstream)\n- Remove CVE-2020-13379.patch (merged upstream)\n- Remove 0001-fix-XSS-vulnerabilities-in-dashboard-links.patch (merged upstream)\n- Remove 0002-CVE-2020-12052-bsc1170657-XSS-annotation-popup-vulnerability.patch\n (merged upstream)\n- Remove systemd-notification.patch (merged upstream)\n- Update to version 6.7.4 (bsc#1172450, CVE-2018-18623,\n CVE-2018-18624, CVE-2018-18625, bsc#1174583, CVE-2020-11110)\n * Security: Urgent security fix for stored XSS\n- Update to version 6.7.3\n * Admin: Fix Synced via LDAP message for non-LDAP external users. [#23477]\n * Alerting: Fix notifications for alerts with empty message in Google\n Hangouts notifier. [#23559]\n * AuthProxy: Fix bug where long username could not be cached. [#22926]\n * Dashboard: Fix saving dashboard when editing raw dashboard JSON model.\n [#23314]\n * Dashboard: Try to parse 8 and 15 digit numbers as timestamps if parsing of\n time range as date fails. [#21694]\n * DashboardListPanel: Fix problem with empty panel after going into edit\n mode (General folder filter being automatically added) . [#23426]\n * Data source: Handle datasource withCredentials option properly. [#23380]\n * Security: Fix annotation popup XSS vulnerability [#23813]\n * Security: Fix XSS vulnerability in table panel [#23816]\n * Server: Exit Grafana with status code 0 if no error. [#23312]\n * TablePanel: Fix XSS issue in header column rename (backport). [#23814]\n * Variables: Fix error when setting adhoc variable values. [#23580]\n- Update to version 6.7.2\n * BackendSrv: Adds config to response to fix issue for external plugins that\n used this property . [#23032]\n * Dashboard: Fix issue with saving new dashboard after changing title .\n [#23104]\n * DataLinks: make sure we use the correct datapoint when dataset contains\n null value.. [#22981]\n * Plugins: Fix issue for plugins that imported dateMath util . [#23069]\n * Security: Fix for dashboard snapshot original dashboard link could contain\n XSS vulnerability in url. [#23254]\n * Variables: Fix issue with too many queries being issued for nested\n template variables after value change. [#23220]\n * Plugins: Expose promiseToDigest. [#23249]\n * Reporting: Fix issue updating a report created by someone else\n (Enterprise)\n- Update to version 6.7.1\n * Azure: Fix dropdowns not showing current value. [#22914]\n * BackendSrv: only add content-type on POST, PUT requests. [#22910]\n * Panels: Fix size issue with panel internal size when exiting panel edit\n mode. [#22912]\n * Reporting: fixes migrations compatibility with mysql (Enterprise)\n * Reporting: Reduce default concurrency limit to 4 (Enterprise)\n- Update to version 6.7.0\n * AzureMonitor: support workspaces function for template variables. [#22882]\n * SQLStore: Add migration for adding index on annotation.alert_id. [#22876]\n * TablePanel: Enable new units picker . [#22833]\n * AngularPanels: Fix inner height calculation for angular panels. [#22796]\n * BackendSrv: makes sure provided headers are correctly recognized and set. [#22778]\n * Forms: Fix input suffix position (caret-down in Select) . [#22780]\n * Graphite: Fix issue with query editor and next select metric now showing\n after selecting metric node [#22856]\n * Rich History: UX adjustments and fixes. [#22729]\n * Slack: Removed _Mention_ setting and instead introduce _Mention Users_,\n _Mention Groups_, and _Mention Channel_.\n * Alerting: Reverts the behavior of `diff` and `percent_diff` to not always\n be absolute.\n * API: Include IP address when logging request error. [#21596]\n * Alerting: Support passing tags to Pagerduty and allow notification on\n specific event categories [#21335]\n * Chore: Remove angular dependency from backendSrv. [#20999]\n * CloudWatch: Surround dimension names with double quotes. [#22222]\n * CloudWatch: updated metrics and dimensions for Athena, DocDB, and\n Route53Resolver. [#22604]\n * Cloudwatch: add Usage Metrics. [#22179]\n * Dashboard: Adds support for a global minimum dashboard refresh interval.\n [#19416]\n * DatasourceEditor: Add UI to edit custom HTTP headers. [#17846]\n Elastic: To get fields, start with today's index and go backwards. [#22318]\n * Explore: Rich history. [#22570]\n * Graph: canvas's Stroke is executed after loop. [#22610]\n * Graphite: Don't issue empty 'select metric' queries. [#22699]\n * Image Rendering: Store render key in remote cache to enable renderer to\n callback to public/load balancer URL when running in HA mode. [#22031]\n * LDAP: Add fallback to search_base_dns if group_search_base_dns is\n undefined [#21263]\n * OAuth: Implement Azure AD provide. [#20030]\n * Prometheus: Implement region annotation. [#22225]\n * Prometheus: make \\$\\_\\_range more precise. [#21722]\n * Prometheus: Do not show rate hint when increase function is used in query.\n [#21955]\n * Stackdriver: Project selector. [#22447]\n * TablePanel: display multi-line text. [#20210]\n * Templating: Add new global built-in variables. [#21790]\n * Reporting: add concurrent render limit to settings (Enterprise)\n * Reporting: Add rendering timeout in settings (Enterprise)\n * API: Fix redirect issues. [#22285]\n * Alerting: Don't include image_url field with Slack message if empty.\n [#22372]\n * Alerting: Fix bad background color for default notifications in alert tab\n . [#22660]\n * Annotations: In table panel when setting transform to annotation, they will\n now show up right away without a manual refresh. [#22323]\n * Azure Monitor: Fix app insights source to allow for new timeFrom and\n timeTo. [#21879]\n * BackendSrv: Fix POST body for form data. [#21714]\n * CloudWatch: Credentials cache invalidation fix. [#22473]\n CloudWatch: Expand alias variables when query yields no result [#22695]\n * Dashboard: Fix bug with NaN in alerting. [#22053]\n * Explore: Fix display of multiline logs in log panel and explore. [#22057]\n * Heatmap: Legend color range is incorrect when using custom min/max\n [#21748]\n * Security: Fix XSS issue in dashboard history diff. [#22680]\n * StatPanel: Fix base color being used for null values. [#22646]\n- Update to version 6.6.2\n * Data proxy: Log proxy errors using Grafana logger. [#22174]\n * Metrics: Add gauge for requests currently in flight. [#22168]\n * @grafana/ui: Fix displaying of bars in React Graph. [#21968]\n * API: Fix redirect issue when configured to use a subpath. [#21652]\n * API: Improve recovery middleware when response already been written [#22256]\n * Auth: Don't rotate auth token when requests are cancelled by client [#22106]\n * Elasticsearch: Fix auto interval for date histogram in explore logs mode. [#21937]\n * Image Rendering: Fix PhantomJS compatibility with es2016 node dependencies. [#21677]\n * Links: Assure base url when single stat, panel and data links are built. [#21956]\n * Loki, Prometheus: Fix PromQL and LogQL syntax highlighting. [#21944]\n * OAuth: Enforce auto_assign_org_id setting when role mapping enabled using\n Generic OAuth. [#22268]\n * Prometheus: Updates explore query editor to prevent it from throwing error\n on edit. [#21605]\n * Server: Reorder cipher suites for better security. [#22101]\n * TimePicker: fixing weird behavior with calendar when switching between\n months/years. [#22253]\n- Update to version 6.6.1\n * Annotations: Change indices and rewrites annotation find query to improve\n database query performance. [#21915]\n * Azure Monitor: Fix Application Insights API key field to allow input. [#21738]\n * BarGauge: Fix so we properly display the 'no result' value when query\n returns empty result. [#21791]\n * Datasource: Show access (Browser/Server) select on the Prometheus\n datasource. [#21833]\n * DatasourceSettings: Fix issue navigating away from data source settings\n page. [#21841]\n * Graph Panel: Fix typo in thresholds form. [#21903]\n * Graphite: Fix issue with functions with multiple required params and no\n defaults [#21814]\n * Image Rendering: Fix render of graph panel legend aligned to the right\n using Grafana image renderer plugin/service. [#21854]\n * Metrics: Adds back missing summary quantiles. [#21858]\n * OpenTSDB: Adds back missing ngInject to make it work again. [#21796]\n * Plugins: Fix routing in app plugin pages. [#21847]\n * Prometheus: Fix default step value for annotation query. [#21934]\n * Quota: Makes LDAP + Quota work for the first login of a new user. [#21949]\n * StatPanels: Fix change from singlestat to Gauge / BarGauge / Stat where\n default min & max (0, 100) was copied . [#21820]\n * TimePicker: Should display in kiosk mode. [#21816]\n * grafana/toolkit: Fix failing linter when there were lint issues. [#21849]\n- Update to version 6.6.0\n * CloudWatch: Add DynamoDB Accelerator (DAX) metrics & dimensions. [#21644]\n * CloudWatch: Auto period snap to next higher period. [#21659]\n * Template variables: Add error for failed query variable on time range\n update. [#21731]\n * XSS: Sanitize column link. [#21735]\n * Elasticsearch: Fix adhoc variable filtering for logs query. [#21346]\n * Explore: Fix colors for log level when level value is capitalised. [#21646]\n * Explore: Fix context view in logs, where some rows may have been filtered\n out. [#21729]\n Loki: Fix Loki with repeated panels and interpolation for Explore. [#21685]\n * SQLStore: Fix PostgreSQL failure to create organisation for first time. [#21648]\n * PagerDuty: Change `payload.custom_details` field in PagerDuty notification\n to be a JSON object instead of a string.\n * Security: The `[security]` setting `cookie_samesite` configured to `none`\n now renders cookies with `SameSite=None` attribute.\n * Graphite: Add Metrictank dashboard to Graphite datasource\n * Admin: Show name of user in users table view. [#18108]\n * Alerting: Add configurable severity support for PagerDuty notifier. [#19425]\n * Alerting: Add more information to webhook notifications. [#20420]\n * Alerting: Add support for sending tags in OpsGenie notifier. [#20810]\n * Alerting: Added fallbackText to Google Chat notifier. [#21464]\n * Alerting: Adds support for sending a single email to all recipients in\n email notifier. [#21091]\n * Alerting: Enable setting of OpsGenie priority via a tag. [#21298]\n * Alerting: Use fully qualified status emoji in Threema notifier. [#21305]\n * Alerting: new min_interval_seconds option to enforce a minimum evaluation\n frequency. [#21188]\n * CloudWatch: Calculate period based on time range. [#21471]\n * CloudWatch: Display partial result in graph when max DP/call limit is\n reached. [#21533]\n * CloudWatch: ECS/ContainerInsights metrics support. [#21125]\n * CloudWatch: Upgrade aws-sdk-go. [#20510]\n * DataLinks: allow using values from other fields in the same row (cells). [#21478]\n * Editor: Ignore closing brace when it was added by editor. [#21172]\n * Explore: Context tooltip to copy labels and values from graph. [#21405]\n * Explore: Log message line wrapping options for logs. [#20360]\n * Forms: introduce RadioButtonGroup. [#20828]\n * Frontend: Changes in Redux location should not strip subpath from location\n url. [#20161]\n * Graph: Add fill gradient option to series override line fill. [#20941]\n * Graphite: Add metrictank dashboard to Graphite datasource. [#20776]\n * Graphite: Do not change query when opening the query editor and there is no\n data. [#21588]\n * Gravatar: Use HTTPS by default. [#20964]\n * Loki: Support for template variable queries. [#20697]\n * NewsPanel: Add news as a builtin panel. [#21128]\n * OAuth: Removes send_client_credentials_via_post setting. [#20044]\n * OpenTSDB: Adding lookup limit to OpenTSDB datasource settings. [#20647]\n * Postgres/MySQL/MSSQL: Adds support for region annotations. [#20752]\n * Prometheus: Field to specify step in Explore. [#20195]\n * Prometheus: User metrics metadata to inform query hints. [#21304]\n * Renderer: Add user-agent to remote rendering service requests. [#20956]\n * Security: Add disabled option for cookie samesite attribute. [#21472]\n * Stackdriver: Support meta labels. [#21373]\n * TablePanel, GraphPanel: Exclude hidden columns from CSV. [#19925]\n * Templating: Update variables on location changed. [#21480]\n * Tracing: Support configuring Jaeger client from environment. [#21103]\n * Units: Add currency and energy units. [#20428]\n * Units: Support dynamic count and currency units. [#21279]\n * grafana/toolkit: Add option to override webpack config. [#20872]\n * grafana/ui: ConfirmModal component. [#20965]\n * grafana/ui: Create Tabs component. [#21328]\n * grafana/ui: New table component. [#20991]\n * grafana/ui: New updated time picker. [#20931]\n * White-labeling: Makes it possible to customize the footer and login\n background (Enterprise)\n * API: Optionally list expired API keys. [#20468]\n * Alerting: Fix custom_details to be a JSON object instead of a string in\n PagerDuty notifier. [#21150]\n * Alerting: Fix image rendering and uploading timeout preventing to send\n alert notifications. [#21536]\n * Alerting: Fix panic in dingding notifier. [#20378]\n * Alerting: Fix template query validation logic. [#20721]\n * Alerting: If no permission to clear history, keep the historical data. [#19007]\n * Alerting: Unpausing a non-paused alert rule should not change status to\n Unknown. [#21375]\n * Api: Fix returned message when enabling, disabling and deleting a\n non-existing user. [#21391]\n * Auth: Rotate auth tokens at the end of requests. [#21347]\n * Azure Monitor: Fix error when using azure monitor credentials with log\n analytics and non-default cloud. [#21032]\n * CLI: Return error and aborts when plugin file extraction fails. [#20849]\n * CloudWatch: Multi-valued template variable dimension alias fix. [#21541]\n * Dashboard: Disable draggable panels on small devices. [#20629]\n * DataLinks: Links with \\${\\_\\_value.time} do not work when clicking on first\n result. [#20019]\n * Explore: Fix showing of results in selected timezone (UTC/local). [#20812]\n * Explore: Fix timepicker when browsing back after switching datasource. [#21454]\n * Explore: Sync timepicker and logs after live-tailing stops. [#20979]\n * Graph: Fix when clicking a plot on a touch device we won't display the\n annotation menu. [#21479]\n * OAuth: Fix role mapping from id token. [#20300]\n * Plugins: Add appSubUrl string to config pages. [#21414]\n * Provisioning: Start provision dashboards after Grafana server have started. [#21564]\n * Render: Use https as protocol when rendering if HTTP2 enabled. [#21600]\n * Security: Use same cookie settings for all cookies. [#19787]\n * Singlestat: Support empty value map texts. [#20952]\n * Units: Custom suffix and prefix units can now be specified, for example\n custom currency & SI & time formats. [#20763]\n * grafana/ui: Do not build grafana/ui in strict mode as it depends on\n non-strict libs. [#21319]\n- Update to version 6.5.3\n * API: Validate redirect_to cookie has valid (Grafana) url. [#21057]\n * AdHocFilter: Shows SubMenu when filtering directly from table. [#21017]\n * Cloudwatch: Fix crash when switching from cloudwatch data source. [#21376]\n * DataLinks: Sanitize data/panel link URLs. [#21140]\n * Elastic: Fix multiselect variable interpolation for logs. [#20894]\n * Prometheus: allow user to change HTTP Method in config settings. [#21055]\n * Prometheus: Prevents validation of inputs when clicking in them without\n changing the value. [#21059]\n * Rendering: Fix panel PNG rendering when using sub url and\n serve_from_sub_path = true. [#21306]\n * Table: Matches column names with unescaped regex characters. [#21164]\n- Update to version 6.5.2\n * Alerting: Improve alert threshold handle dragging behavior. [#20922]\n * AngularPanels: Fix loading spinner being stuck in some rare cases. [#20878]\n * CloudWatch: Fix query editor does not render in Explore. [#20909]\n * CloudWatch: Remove illegal character escaping in inferred expressions. [#20915]\n * CloudWatch: Remove template variable error message. [#20864]\n * CloudWatch: Use datasource template variable in curated dashboards. [#20917]\n * Elasticsearch: Set default port to 9200 in ConfigEditor. [#20948]\n * Gauge/BarGauge: Added support for value mapping of 'no data'-state to\n text/value. [#20842]\n * Graph: Prevent tooltip from being displayed outside of window. [#20874]\n * Graphite: Fix error with annotation metric queries. [#20857]\n * Login: Fix fatal error when navigating from reset password page. [#20747]\n * MixedDatasources: Do not filter out all mixed data sources in add mixed\n query dropdown. [#20990]\n * Prometheus: Fix caching for default labels request. [#20718]\n * Prometheus: Run default labels query only once. [#20898]\n * Security: Fix invite link still accessible after completion or revocation. [#20863]\n * Server: Fail when unable to create log directory. [#20804]\n * TeamPicker: Increase size limit from 10 to 100. [#20882]\n * Units: Remove SI prefix symbol from new milli/microSievert(/h) units. [#20650]\n- Update to version 6.5.1\n * CloudWatch: Region template query fix. [#20661]\n * CloudWatch: Fix annotations query editor loading. [#20687]\n * Panel: Fix undefined services/dependencies in plugins without\n `/@ngInject*/`. [#20696]\n * Server: Fix failure to start with 'bind: address already in use' when using\n socket as protocol. [#20679]\n * Stats: Fix active admins/editors/viewers stats are counted more than once\n if the user is part of more than one org. [#20711]\n- Update to version 6.5.0\n * CloudWatch: Add curated dashboards for most popular amazon services. [#20486]\n * CloudWatch: Enable Min time interval. [#20260]\n * Explore: UI improvements for log details. [#20485]\n * Server: Improve grafana-server diagnostics configuration for profiling and\n tracing. [#20593]\n * BarGauge/Gauge: Add back missing title option field display options. [#20616]\n * CloudWatch: Fix high CPU load. [#20579]\n * CloudWatch: Fix high resolution mode without expression. [#20459]\n * CloudWatch: Make sure period variable is being interpreted correctly. [#20447]\n * CloudWatch: Remove HighResolution toggle since it's not being used. [#20440]\n * Cloudwatch: Fix LaunchTime attribute tag bug. [#20237]\n * Data links: Fix URL field turns read-only for graph panels. [#20381]\n * Explore: Keep logQL filters when selecting labels in log row details. [#20570]\n * MySQL: Fix TLS auth settings in config page. [#20501]\n * Provisioning: Fix unmarshaling nested jsonData values. [#20399]\n * Server: Should fail when server is unable to bind port. [#20409]\n * Templating: Prevents crash when \\$\\_\\_searchFilter is not a string. [#20526]\n * TextPanel: Fix issue with template variable value not properly html\n escaped [#20588]\n * TimePicker: Should update after location change. [#20466]\n * CloudWatch: use GetMetricsData API for all queries\n * CloudWatch: The GetMetricData API does not return metric unit, so unit auto\n detection in panels is no longer supported.\n * CloudWatch: The `HighRes` switch has been removed from the query editor.\n * API: Add `createdAt` and `updatedAt` to api/users/lookup. [#19496]\n * API: Add createdAt field to /api/users/:id. [#19475]\n * Admin: Adds setting to disable creating initial admin user. [#19505]\n * Alerting: Include alert_state in Kafka notifier payload. [#20099]\n * AuthProxy: Can now login with auth proxy and get a login token. [#20175]\n * AuthProxy: replaces setting ldap_sync_ttl with sync_ttl. [#20191]\n * AzureMonitor: Alerting for Azure Application Insights. [#19381]\n * Build: Upgrade to Go 1.13. [#19502]\n * CLI: Reduce memory usage for plugin installation. [#19639]\n * CloudWatch: Add ap-east-1 to hard-coded region lists. [#19523]\n * CloudWatch: ContainerInsights metrics support. [#18971]\n * CloudWatch: Support dynamic queries using dimension wildcards [#20058]\n * CloudWatch: Stop using GetMetricStatistics and use GetMetricData for all\n time series requests [#20057]\n * CloudWatch: Convert query editor from Angular to React [#19880]\n * CloudWatch: Convert config editor from Angular to React [#19881]\n * CloudWatch: Improved error handling when throttling occurs [#20348]\n * CloudWatch: Deep linking from Grafana panel to CloudWatch console [#20279]\n * CloudWatch: Add Grafana user agent to GMD calls [#20277]\n * Dashboard: Allows the d-solo route to be used without slug. [#19640]\n * Elasticsearch: Adds support for region annotations. [#17602]\n * Explore: Add custom DataLinks on datasource level (like tracing links). [#20060]\n * Explore: Add functionality to show/hide query row results. [#19794]\n * Explore: Synchronise time ranges in split mode. [#19274]\n * Explore: UI change for log row details . [#20034]\n * Frontend: Migrate DataSource HTTP Settings to React. [#19452]\n * Frontend: Show browser not supported notification. [#19904]\n * Graph: Added series override option to have hidden series be persisted on\n save. [#20124]\n * Graphite: Add Metrictank option to settings to view Metrictank request\n processing info in new inspect feature. [#20138]\n * LDAP: Enable single user sync. [#19446]\n * LDAP: Last org admin can login but wont be removed. [#20326]\n * LDAP: Support env variable expressions in ldap.toml file. [#20173]\n * OAuth: Generic OAuth role mapping support. [#17149]\n * Prometheus: Custom query parameters string for Thanos downsampling. [#19121]\n * Provisioning: Allow saving of provisioned dashboards. [#19820]\n * Security: Minor XSS issue resolved by angularjs upgrade from 1.6.6 ->\n 1.6.9. [#19849]\n * TablePanel: Prevents crash when data contains mixed data formats. [#20202]\n * Templating: Introduces \\$\\_\\_searchFilter to Query Variables. [#19858]\n * Templating: Made default template variable query editor field a textarea\n with automatic height. [#20288]\n * Units: Add milli/microSievert, milli/microSievert/h and pixels. [#20144]\n * Units: Added mega ampere and watt-hour per kg. [#19922]\n * Enterprise: Enterprise without a license behaves like OSS (Enterprise)\n * API: Added dashboardId and slug in response to dashboard import api. [#19692]\n * API: Fix logging of dynamic listening port. [#19644]\n * BarGauge: Fix so that default thresholds not keeps resetting. [#20190]\n * CloudWatch: Fix incorrect casing of Redshift dimension entry for service\n class and stage. [#19897]\n * CloudWatch: Fixing AWS Kafka dimension names. [#19986]\n * CloudWatch: Metric math broken when using multi template variables [#18337]\n * CloudWatch: Graphs with multiple multi-value dimension variables don't work [#17949]\n * CloudWatch: Variables' values surrounded with braces in request sent to AWS [#14451]\n * CloudWatch: Cloudwatch Query for a list of instances for which data is\n available in the selected time interval [#12784]\n * CloudWatch: Dimension's positioning/order should be stored in the json\n dashboard [#11062]\n * CloudWatch: Batch CloudWatch API call support in backend [#7991]\n * ColorPicker: Fix issue with ColorPicker disappearing too quickly. [#20289]\n * Datasource: Add custom headers on alerting queries. [#19508]\n plugins in alpine. [#20214]\n * Elasticsearch: Fix template variables interpolation when redirecting to\n Explore. [#20314]\n * Elasticsearch: Support rendering in logs panel. [#20229]\n * Explore: Expand template variables when redirecting from dashboard panel. [#19582]\n * OAuth: Make the login button display name of custom OAuth provider. [#20209]\n * ReactPanels: Adds Explore menu item. [#20236]\n * Team Sync: Fix URL encode Group IDs for external team sync. [#20280]\n- Update to version 6.4.5\n * CloudWatch: Fix high CPU load [#20579]\n- Update to version 6.4.4\n * MySQL: Fix encoding in connection string [#20192]\n * DataLinks: Fix blur issues. [#19883]\n * LDAP: try all LDAP servers even if one returns a connection error. [#20077]\n * LDAP: No longer shows incorrectly matching groups based on role in debug\n page. [#20018]\n * Singlestat: Fix no data / null value mapping . [#19951]\n- Update to version 6.4.3\n * Alerting: All notification channels should send even if one fails to send. [#19807]\n * AzureMonitor: Fix slate interference with dropdowns. [#19799]\n * ContextMenu: make ContextMenu positioning aware of the viewport width. [#19699]\n * DataLinks: Fix context menu not showing in singlestat-ish visualisations. [#19809]\n * DataLinks: Fix url field not releasing focus. [#19804]\n * Datasource: Fix issue where clicking outside of some query editors required\n 2 clicks. [#19822]\n * Panels: Fix default tab for visualizations without Queries Tab. [#19803]\n * Singlestat: Fix issue with mapping null to text. [#19689]\n * @grafana/toolkit: Don't fail plugin creation when git user.name config is\n not set. [#19821]\n * @grafana/toolkit: TSLint line number off by 1. [#19782]\n- Update to version 6.4.2\n * CloudWatch: Changes incorrect dimension wmlid to wlmid . [#19679]\n * Grafana Image Renderer: Fix plugin page. [#19664]\n * Graph: Fix auto decimals logic for y axis ticks that results in too many\n decimals for high values. [#19618]\n * Graph: Switching to series mode should re-render graph. [#19623]\n * Loki: Fix autocomplete on label values. [#19579]\n * Loki: Removes live option for logs panel. [#19533]\n * Profile: Fix issue with user profile not showing more than sessions\n sessions in some cases. [#19578]\n * Prometheus: Always sort results in Panel by query order. [#19597]\n * Show SAML login button if SAML is enabled. [#19591]\n * SingleStat: Fix $__name postfix/prefix usage. [#19687]\n * Table: Proper handling of json data with dataframes. [#19596]\n * Units: Fix wrong id for Terabits/sec. [#19611]\n- Update to version 6.4.1\n * Provisioning: Fix issue where empty nested keys in YAML provisioning\n caused server crash, [#19547]\n- Update to version 6.4.0\n * Build: Upgrade go to 1.12.10. [#19499]\n * DataLinks: Suggestions menu improvements. [#19396]\n * Explore: Take root_url setting into account when redirecting from dashboard\n to explore. [#19447]\n * Explore: Update broken link to logql docs. [#19510]\n * Logs: Adds Logs Panel as a visualization. [#19504]\n * Reporting: Generate and email PDF reports based on Dashboards (Enterprise)\n * CLI: Fix version selection for plugin install. [#19498]\n * Graph: Fix minor issue with series override color picker and custom color. [#19516]\n * Splunk plugin needs to be updated when upgrading from 6.3 to 6.4\n * Azure Monitor: Remove support for cross resource queries (#19115)'. [#19346]\n * Graphite: Time range expansion reduced from 1 minute to 1 second. [#19246]\n * grafana/toolkit: Add plugin creation task. [#19207]\n * Alerting: Prevents creating alerts from unsupported queries. [#19250]\n * Alerting: Truncate PagerDuty summary when greater than 1024 characters. [#18730]\n * Cloudwatch: Fix autocomplete for Gamelift dimensions. [#19146]\n * Dashboard: Fix export for sharing when panels use default data source. [#19315]\n * Database: Rewrite system statistics query to perform better. [#19178]\n * Gauge/BarGauge: Fix issue with [object Object] in titles . [#19217]\n * MSSQL: Revert usage of new connectionstring format introduced by #18384. [#19203]\n * Multi-LDAP: Do not fail-fast on invalid credentials. [#19261]\n * MySQL, Postgres, MSSQL: Fix validating query with template variables in\n alert. [#19237]\n * MySQL, Postgres: Update raw sql when query builder updates. [#19209]\n * MySQL: Limit datasource error details returned from the backend. [#19373]\n * Reporting: Created scheduled PDF reports for any dashboard (Enterprise).\n * API: Readonly datasources should not be created via the API. [#19006]\n * Alerting: Include configured AlertRuleTags in Webhooks notifier. [#18233]\n * Annotations: Add annotations support to Loki. [#18949]\n * Annotations: Use a single row to represent a region. [#17673]\n * Auth: Allow inviting existing users when login form is disabled. [#19048]\n * Azure Monitor: Add support for cross resource queries. [#19115]\n * CLI: Allow installing custom binary plugins. [#17551]\n * Dashboard: Adds Logs Panel (alpha) as visualization option for Dashboards. [#18641]\n * Dashboard: Reuse query results between panels . [#16660]\n * Dashboard: Set time to to 23:59:59 when setting To time using calendar. [#18595]\n * DataLinks: Add DataLinks support to Gauge, BarGauge and stat panel. [#18605]\n * DataLinks: Enable access to labels & field names. [#18918]\n * DataLinks: Enable multiple data links per panel. [#18434]\n * Elasticsearch: allow templating queries to order by doc_count. [#18870]\n * Explore: Add throttling when doing live queries. [#19085]\n * Explore: Adds ability to go back to dashboard, optionally with query\n changes. [#17982]\n * Explore: Reduce default time range to last hour. [#18212]\n * Gauge/BarGauge: Support decimals for min/max. [#18368]\n * Graph: New series override transform constant that renders a single point\n as a line across the whole graph. [#19102]\n * Image rendering: Add deprecation warning when PhantomJS is used for\n rendering images. [#18933]\n * InfluxDB: Enable interpolation within ad-hoc filter values. [#18077]\n * LDAP: Allow an user to be synchronized against LDAP. [#18976]\n * Ldap: Add ldap debug page. [#18759]\n * Loki: Remove prefetching of default label values. [#18213]\n * Metrics: Add failed alert notifications metric. [#18089]\n * OAuth: Support JMES path lookup when retrieving user email. [#14683]\n * OAuth: return GitLab groups as a part of user info (enable team sync). [#18388]\n * Panels: Add unit for electrical charge - ampere-hour. [#18950]\n * Plugin: AzureMonitor - Reapply MetricNamespace support. [#17282]\n * Plugins: better warning when plugins fail to load. [#18671]\n * Postgres: Add support for scram sha 256 authentication. [#18397]\n * RemoteCache: Support SSL with Redis. [#18511]\n * SingleStat: The gauge option in now disabled/hidden (unless it's an old\n panel with it already enabled) . [#18610]\n * Stackdriver: Add extra alignment period options. [#18909]\n * Units: Add South African Rand (ZAR) to currencies. [#18893]\n * Units: Adding T,P,E,Z,and Y bytes. [#18706]\n * Alerting: Notification is sent when state changes from no_data to ok. [#18920]\n * Alerting: fix duplicate alert states when the alert fails to save to the\n database. [#18216]\n * Alerting: fix response popover prompt when add notification channels. [#18967]\n * CloudWatch: Fix alerting for queries with Id (using GetMetricData). [#17899]\n * Explore: Fix auto completion on label values for Loki. [#18988]\n * Explore: Fix crash using back button with a zoomed in graph. [#19122]\n * Explore: only run queries in Explore if Graph/Table is shown. [#19000]\n * MSSQL: Change connectionstring to URL format to fix using passwords with\n semicolon. [#18384]\n * MSSQL: Fix memory leak when debug enabled. [#19049]\n * Provisioning: Allow escaping literal '$' with '$\\$' in configs to avoid\n interpolation. [#18045]\n * TimePicker: Fix hiding time picker dropdown in FireFox. [#19154]\n * Various breaking changes in the annotations HTTP API for region annotations.\n- Update to version 6.3.7\n * CloudWatch: Fix high CPU load [#20579]\n- Update to version 6.3.6\n * Metrics: Adds setting for turning off total stats metrics. [#19142]\n * Database: Rewrite system statistics query to perform better. [#19178]\n * Explore: Fix error when switching from prometheus to loki data sources. [#18599]\n- Update to version 6.3.5\n * Dashboard: Fix dashboards init failed loading error for dashboards with\n panel links that had missing properties. [#18786]\n * Editor: Fix issue where only entire lines were being copied. [#18806]\n * Explore: Fix query field layout in splitted view for Safari browsers. [#18654]\n * LDAP: multildap + ldap integration. [#18588]\n * Profile/UserAdmin: Fix for user agent parser crashes grafana-server on\n 32-bit builds. [#18788]\n * Prometheus: Prevents panel editor crash when switching to Prometheus data\n source. [#18616]\n * Prometheus: Changes brace-insertion behavior to be less annoying. [#18698]\n- Update to version 6.3.4\n * Annotations: Fix failing annotation query when time series query is\n cancelled. [#18532]\n * Auth: Do not set SameSite cookie attribute if cookie_samesite is none. [#18462]\n * DataLinks: Apply scoped variables to data links correctly. [#18454]\n * DataLinks: Respect timezone when displaying datapoint's timestamp in graph\n context menu. [#18461]\n * DataLinks: Use datapoint timestamp correctly when interpolating variables. [#18459]\n * Explore: Fix loading error for empty queries. [#18488]\n * Graph: Fix legend issue clicking on series line icon and issue with\n horizontal scrollbar being visible on windows. [#18563]\n * Graphite: Avoid glob of single-value array variables . [#18420]\n * Prometheus: Fix queries with label_replace remove the \\$1 match when\n loading query editor. [#18480]\n * Prometheus: More consistently allows for multi-line queries in editor. [#18362]\n * TimeSeries: Assume values are all numbers. [#18540]\n- Update to version 6.3.2\n * Gauge/BarGauge: Fix issue with lost thresholds and an issue loading Gauge\n with avg stat. [#18375]\n- Update to version 6.3.1\n * PanelLinks: Fix crash issue with Gauge & Bar Gauge panels with panel links\n (drill down links). [#18430]\n- Update to version 6.3.0\n * OAuth: Do not set SameSite OAuth cookie if cookie_samesite is None. [#18392]\n * PanelLinks: Fix render issue when there is no panel description. [#18408]\n * Auth Proxy: Include additional headers as part of the cache key. [#18298]\n * OAuth: Fix 'missing saved state' OAuth login failure due to SameSite cookie\n policy. [#18332]\n * cli: fix for recognizing when in dev mode.. [#18334]\n * Build grafana images consistently. [#18224]\n * Docs: SAML. [#18069]\n * Permissions: Show plugins in nav for non admin users but hide plugin\n configuration. [#18234]\n * TimePicker: Increase max height of quick range dropdown. [#18247]\n * DataLinks: Fix incorrect interpolation of \\${\\_\\_series_name} . [#18251]\n * Loki: Display live tailed logs in correct order in Explore. [#18031]\n * PhantomJS: Fix rendering on Debian Buster. [#18162]\n * TimePicker: Fix style issue for custom range popover. [#18244]\n * Timerange: Fix a bug where custom time ranges didn't respect UTC. [#18248]\n * remote_cache: Fix redis connstr parsing. [#18204]\n * Alerting: Add tags to alert rules. [#10989]\n * Alerting: Attempt to send email notifications to all given email addresses. [#16881]\n * Alerting: Improve alert rule testing. [#16286]\n * Alerting: Support for configuring content field for Discord alert notifier. [#17017]\n * Alertmanager: Replace illegal chars with underscore in label names. [#17002]\n * Auth: Allow expiration of API keys. [#17678]\n * Auth: Return device, os and browser when listing user auth tokens in HTTP\n API. [#17504]\n * Auth: Support list and revoke of user auth tokens in UI. [#17434]\n * AzureMonitor: change clashing built-in Grafana variables/macro names for\n Azure Logs. [#17140]\n * CloudWatch: Made region visible for AWS Cloudwatch Expressions. [#17243]\n * Cloudwatch: Add AWS DocDB metrics. [#17241]\n * Dashboard: Use timezone dashboard setting when exporting to CSV. [#18002]\n * Data links. [#17267]\n * Elasticsearch: Support for visualizing logs in Explore . [#17605]\n * Explore: Adds Live option for supported data sources. [#17062]\n * Explore: Adds orgId to URL for sharing purposes. [#17895]\n * Explore: Adds support for new loki 'start' and 'end' params for labels\n endpoint. [#17512]\n * Explore: Adds support for toggling raw query mode in explore. [#17870]\n * Explore: Allow switching between metrics and logs . [#16959]\n * Explore: Combines the timestamp and local time columns into one. [#17775]\n * Explore: Display log lines context . [#17097]\n * Explore: Don't parse log levels if provided by field or label. [#17180]\n * Explore: Improves performance of Logs element by limiting re-rendering. [#17685]\n * Explore: Support for new LogQL filtering syntax. [#16674]\n * Explore: Use new TimePicker from Grafana/UI. [#17793]\n * Explore: handle newlines in LogRow Highlighter. [#17425]\n * Graph: Added new fill gradient option. [#17528]\n * GraphPanel: Don't sort series when legend table & sort column is not\n visible. [#17095]\n * InfluxDB: Support for visualizing logs in Explore. [#17450]\n * Logging: Login and Logout actions (#17760). [#17883]\n * Logging: Move log package to pkg/infra. [#17023]\n * Metrics: Expose stats about roles as metrics. [#17469]\n * MySQL/Postgres/MSSQL: Add parsing for day, weeks and year intervals in\n macros. [#13086]\n * MySQL: Add support for periodically reloading client certs. [#14892]\n * Plugins: replace dataFormats list with skipDataQuery flag in plugin.json. [#16984]\n * Prometheus: Take timezone into account for step alignment. [#17477]\n * Prometheus: Use overridden panel range for \\$\\_\\_range instead of dashboard\n range. [#17352]\n * Prometheus: added time range filter to series labels query. [#16851]\n * Provisioning: Support folder that doesn't exist yet in dashboard\n provisioning. [#17407]\n * Refresh picker: Handle empty intervals. [#17585]\n * Singlestat: Add y min/max config to singlestat sparklines. [#17527]\n * Snapshot: use given key and deleteKey. [#16876]\n * Templating: Correctly display __text in multi-value variable after page\n reload. [#17840]\n * Templating: Support selecting all filtered values of a multi-value\n variable. [#16873]\n * Tracing: allow propagation with Zipkin headers. [#17009]\n * Users: Disable users removed from LDAP. [#16820]\n * SAML: Add SAML as an authentication option (Enterprise)\n * AddPanel: Fix issue when removing moved add panel widget . [#17659]\n * CLI: Fix encrypt-datasource-passwords fails with sql error. [#18014]\n * Elasticsearch: Fix default max concurrent shard requests. [#17770]\n * Explore: Fix browsing back to dashboard panel. [#17061]\n * Explore: Fix filter by series level in logs graph. [#17798]\n * Explore: Fix issues when loading and both graph/table are collapsed. [#17113]\n * Explore: Fix selection/copy of log lines. [#17121]\n * Fix: Wrap value of multi variable in array when coming from URL. [#16992]\n * Frontend: Fix for Json tree component not working. [#17608]\n * Graphite: Fix for issue with alias function being moved last. [#17791]\n * Graphite: Fix issue with seriesByTag & function with variable param. [#17795]\n * Graphite: use POST for /metrics/find requests. [#17814]\n * HTTP Server: Serve Grafana with a custom URL path prefix. [#17048]\n * InfluxDB: Fix single quotes are not escaped in label value filters. [#17398]\n * Prometheus: Correctly escape '|' literals in interpolated PromQL variables. [#16932]\n * Prometheus: Fix when adding label for metrics which contains colons in\n Explore. [#16760]\n * SinglestatPanel: Remove background color when value turns null. [#17552]\n- Update to version 6.2.5\n * Grafana-CLI: Wrapper for `grafana-cli` within RPM/DEB packages and\n config/homepath are now global flags. [#17695]\n * Panel: Fully escape html in drilldown links (was only sanitized before). [#17731]\n * Config: Fix connectionstring for remote_cache in defaults.ini. [#17675]\n * Elasticsearch: Fix empty query (via template variable) should be sent as\n wildcard. [#17488]\n * HTTP-Server: Fix Strict-Transport-Security header. [#17644]\n * TablePanel: fix annotations display. [#17646]\n- Update to version 6.2.4\n * Grafana-CLI: Fix receiving flags via command line . [#17617]\n * HTTPServer: Fix X-XSS-Protection header formatting. [#17620]\n- Update to version 6.2.3\n * AuthProxy: Optimistic lock pattern for remote cache Set. [#17485]\n * HTTPServer: Options for returning new headers X-Content-Type-Options,\n X-XSS-Protection and Strict-Transport-Security. [#17522]\n * Auth Proxy: Fix non-negative cache TTL. [#17495]\n * Grafana-CLI: Fix receiving configuration flags from the command line. [#17606]\n * OAuth: Fix for wrong user token updated on OAuth refresh in DS proxy. [#17541]\n * remote_cache: Fix redis. [#17483]\n- Update to version 6.2.2\n * Security: Prevent CSV formula injection attack when exporting data. [#17363]\n * CloudWatch: Fix error when hiding/disabling queries. [#17283]\n * Database: Fix slow permission query in folder/dashboard search. [#17427]\n * Explore: Fix updating time range before running queries. [#17349]\n * Plugins: Fix plugin config page navigation when using subpath. [#17364]\n- Update to version 6.2.1\n * CLI: Add command to migrate all data sources to use encrypted password fields . [#17118]\n * Gauge/BarGauge: Improvements to auto value font size . [#17292]\n * Auth Proxy: Resolve database is locked errors. [#17274]\n * Database: Retry transaction if sqlite returns database is locked error. [#17276]\n * Explore: Fix filtering query by clicked value when a Prometheus Table is\n clicked. [#17083]\n * Singlestat: Fix issue with value placement and line wraps. [#17249]\n * Tech: Update jQuery to 3.4.1 to fix issue on iOS 10 based browsers as well\n as Chrome 53.x. [#17290]\n- Update to version 6.2.0\n * BarGauge: Fix for negative min values. [#17192]\n * Gauge/BarGauge: Fix for issues editing min & max options. [#17174]\n * Search: Make only folder name only open search with current folder filter. [#17226]\n * AzureMonitor: Revert to clearing chained dropdowns. [#17212]\n * Data source plugins that process hidden queries need to add a\n 'hiddenQueries: true' attribute in plugin.json. [#17124]\n * Plugins: Support templated urls in plugin routes. [#16599]\n * Packaging: New MSI windows installer package\\*\\*. [#17073]\n * Dashboard: Fix blank dashboard after window resize with panel without\n title. [#16942]\n * Dashboard: Fix lazy loading & expanding collapsed rows on mobile. [#17055]\n * Dashboard: Fix scrolling issues for Edge browser. [#17033]\n * Dashboard: Show refresh button in first kiosk(tv) mode. [#17032]\n * Explore: Fix empty result from data source should render logs container. [#16999]\n * Explore: Filter query by clicked value when clicking in a Prometheus Table [#17083]\n * Explore: Makes it possible to zoom in Explore/Loki/Graph without exception. [#16991]\n * Gauge: Fix orientation issue after switching from BarGauge to Gauge. [#17064]\n * GettingStarted: Fix layout issues in getting started panel. [#16941]\n * InfluxDB: Fix HTTP method should default to GET. [#16949]\n * Panels: Fix alert icon position in panel header. [#17070]\n * Panels: Fix panel error tooltip not showing. [#16993]\n * Plugins: Fix how datemath utils are exposed to plugins. [#16976]\n * Singlestat: fixed centering issue for very small panels. [#16944]\n * Search: Scroll issue in dashboard search in latest Chrome. [#17054]\n * Gauge: Adds background shade to gauge track and improves height usage. [#17019]\n * RemoteCache: Avoid race condition in Set causing error on insert. . [#17082]\n * Admin: Add more stats about roles. [#16667]\n * Alert list panel: Support variables in filters. [#16892]\n * Alerting: Adjust label for send on all alerts to default . [#16554]\n * Alerting: Makes timeouts and retries configurable. [#16259]\n * Alerting: No notification when going from no data to pending. [#16905]\n * Alerting: Pushover alert, support for different sound for OK. [#16525]\n * Auth: Enable retries and transaction for some db calls for auth tokens. [#16785]\n * AzureMonitor: Adds support for multiple subscriptions per data source. [#16922]\n * Bar Gauge: New multi series enabled gauge like panel with horizontal and\n vertical layouts and 3 display modes. [#16918]\n * Build: Upgrades to golang 1.12.4. [#16545]\n * CloudWatch: Update AWS/IoT metric and dimensions. [#16337]\n * Config: Show user-friendly error message instead of stack trace. [#16564]\n * Dashboard: Enable filtering dashboards in search by current folder. [#16790]\n * Dashboard: Lazy load out of view panels . [#15554]\n * DataProxy: Restore Set-Cookie header after proxy request. [#16838]\n * Data Sources: Add pattern validation for time input on data source config\n pages. [#16837]\n * Elasticsearch: Add 7.x version support. [#16646]\n * Explore: Adds reconnect for failing data source. [#16226]\n * Explore: Support user timezone. [#16469]\n * InfluxDB: Add support for POST HTTP verb. [#16690]\n * Loki: Search is now case insensitive. [#15948]\n * OAuth: Update jwt regexp to include `=`. [#16521]\n * Panels: No title will no longer make panel header take up space. [#16884]\n * Prometheus: Adds tracing headers for Prometheus datasource. [#16724]\n * Provisioning: Add API endpoint to reload provisioning configs. [#16579]\n * Provisioning: Do not allow deletion of provisioned dashboards. [#16211]\n * Provisioning: Interpolate env vars in provisioning files. [#16499]\n * Provisioning: Support FolderUid in Dashboard Provisioning Config. [#16559]\n * Security: Add new setting allow_embedding. [#16853]\n * Security: Store data source passwords encrypted in secureJsonData. [#16175]\n * UX: Improve Grafana usage for smaller screens. [#16783]\n * Units: Add angle units, Arc Minutes and Seconds. [#16271]\n * CloudWatch: Fix query order not affecting series ordering & color. [#16408]\n * CloudWatch: Use default alias if there is no alias for metrics. [#16732]\n * Config: Fix bug where timeouts for alerting was not parsed correctly. [#16784]\n * Elasticsearch: Fix view percentiles metric in table without date histogram. [#15686]\n * Explore: Prevents histogram loading from killing Prometheus instance. [#16768]\n * Graph: Allow override decimals to fully override. [#16414]\n * Mixed Data Source: Fix error when one query is disabled. [#16409]\n * Search: Fix search limits and add a page parameter. [#16458]\n * Security: Responses from backend should not be cached. [#16848]\n * Gauge Panel: The suffix / prefix options have been removed from the new\n Gauge Panel (introduced in v6.0). [#16870]\n- Update to version 6.1.6\n * Security: Bump jQuery to 3.4.0 . [#16761]\n * Playlist: Fix loading dashboards by tag. [#16727]\n- Update to version 6.1.4\n * DataPanel: Added missing built-in interval variables to scopedVars. [#16556]\n * Explore: Adds maxDataPoints to data source query options . [#16513]\n * Explore: Recalculate intervals on run query. [#16510]\n * Heatmap: Fix for empty graph when panel is too narrow (#16378). [#16460]\n * Heatmap: Fix auto decimals when bucket name is not number. [#16609]\n * QueryInspector: Now shows error responses again. [#16514]\n- Update to version 6.1.3\n * Graph: Fix auto decimals in legend values for some units like `ms` and\n `s`. [#16455]\n * Graph: Fix png rendering with legend to the right. [#16463]\n * Singlestat: Use decimals when manually specified. [#16451]\n * Fix broken UI switches: Default Data Source switch, Explore Logs switches,\n Gauge option switches. [#16303]\n- Update to version 6.1.2\n * Graph: Fix series legend color for hidden series. [#16438]\n * Graph: Fix tooltip highlight on white theme. [#16429]\n * Styles: Fix menu hover highlight border. [#16431]\n * Singlestat Panel: Correctly use the override decimals. [#16413]\n- Update to version 6.1.1\n * Graphite: Editing graphite query function now works again. [#16390]\n * Playlist: Kiosk & auto fit panels modes are working normally again . [#16403]\n\n * QueryEditors: Toggle edit mode now always work on slower computers. [#16394]\n- Update to version 6.1.0\n * CloudWatch: Fix for dimension value list when changing dimension key. [#16356]\n * Graphite: Editing function arguments now works again. [#16297]\n * InfluxDB: Fix tag names with periods in alert evaluation. [#16255]\n * PngRendering: Fix for panel height & title centering . [#16351]\n * Templating: Fix for editing query variables. [#16299]\n * Prometheus: adhoc filter support [#8253]\n * Permissions: Editors can become admin for dashboards, folders and teams\n they create. [#15977]\n * Alerting: Don't include non-existing image in MS Teams notifications. [#16116]\n * Api: Invalid org invite code [#10506]\n * Annotations: Fix for native annotations filtered by template variable with\n pipe. [#15515]\n * Dashboard: Fix for time regions spanning across midnight. [#16201]\n * Data Source: Handles nil jsondata field gracefully [#14239]\n * Data Source: Empty user/password was not updated when updating data sources [#15608]\n * Elasticsearch: Fix using template variables in the alias field. [#16229]\n * Elasticsearch: Fix incorrect index pattern padding in alerting queries. [#15892]\n * Explore: Fix for Prometheus autocomplete not working in Firefox. [#16192]\n * Explore: Fix for url does not keep query after browser refresh. [#16189]\n * Gauge: Interpolate scoped variables in repeated gauges [#15739]\n * Graphite: Fix issue with using series ref and series by tag. [#16111]\n * Graphite: Fix variable quoting when variable value is numeric. [#16149]\n * Heatmap: Fix Y-axis tick labels being in wrong order for some Prometheus\n queries. [#15932]\n * Heatmap: Negative values are now displayed correctly in graph & legend. [#15953]\n * Heatmap: legend shows wrong colors for small values [#14019]\n * InfluxDB: Always close request body even for error status codes. [#16207]\n * ManageDashboards: Fix for checkboxes not appearing properly Firefox . [#15981]\n * Playlist: Leaving playlist now always stops playlist . [#15791]\n * Prometheus: fixes regex ad-hoc filters variables with wildcards. [#16234]\n * TablePanel: Column color style now works even after removing columns. [#16227]\n * TablePanel: Fix for white text on white background when value is null. [#16199]\n- Update to version 6.0.2\n * Alerting: Fix issue with AlertList panel links resulting in panel not\n found errors. [#15975]\n * Dashboard: Improved error handling when rendering dashboard panels. [#15970]\n * LDAP: Fix allow anonymous server bind for ldap search. [#15872]\n * Discord: Fix discord notifier so it doesn't crash when there are no image\n generated. [#15833]\n * Panel Edit: Prevent search in VizPicker from stealing focus. [#15802]\n * Data Source admin: Fix url of back button in data source edit page, when\n root_url configured. [#15759]\n- Update to version 6.0.1\n * Metrics: Fix broken usagestats metrics for /metrics [#15651]\n * Dashboard: append &kiosk to the url in Kiosk mode [#15765]\n * Dashboard: respect header in kiosk=tv mode with autofitpanels [#15650]\n * Image rendering: Fix image rendering issue for dashboards with auto\n refresh. [#15818]\n * Dashboard: Fix only users that can edit a dashboard should be able to\n update panel json. [#15805]\n * LDAP: fix allow anonymous initial bind for ldap search. [#15803]\n * UX: ixed scrollbar not visible initially (only after manual scroll). [#15798]\n * Data Source admin TestData [#15793]\n * Dashboard: Fix scrolling issue that caused scroll to be locked to bottom. [#15792]\n * Explore: Viewers with viewers_can_edit should be able to access /explore. [#15787]\n * Security fix: limit access to org admin and alerting pages. [#15761]\n * Panel Edit minInterval changes did not persist [#15757]\n * Teams: Fix bug when getting teams for user. [#15595]\n * Stackdriver: fix for float64 bounds for distribution metrics [#14509]\n * Stackdriver: no reducers available for distribution type [#15179]\n- Update to version 6.0.0\n * Dashboard: fixes click after scroll in series override menu [#15621]\n * MySQL: fix mysql query using \\_interval_ms variable throws error [#14507]\n * Influxdb: Add support for alerting on InfluxDB queries that use the\n non_negative_difference function [#15415]\n * Alerting: Fix percent_diff calculation when points are nulls [#15443]\n * Alerting: Fix handling of alert urls with true flags [#15454]\n * AzureMonitor: Enable alerting by converting Azure Monitor API to Go [#14623]\n * Security: Fix CSRF Token validation for POSTs [#1441]\n * Internal Metrics Edition has been added to the build_info metric. This will\n break any Graphite queries using this metric. Edition will be a new label\n for the Prometheus metric. [#15363]\n * Gauge: Fix issue with gauge requests being cancelled [#15366]\n * Gauge: Accept decimal inputs for thresholds [#15372]\n * UI: Fix error caused by named colors that are not part of named colors\n palette [#15373]\n * Search: Bug pressing special regexp chars in input fields [#12972]\n * Permissions: No need to have edit permissions to be able to 'Save as' [#13066]\n * Alerting: Adds support for Google Hangouts Chat notifications [#11221]\n * Elasticsearch: Support bucket script pipeline aggregations [#5968]\n * Influxdb: Add support for time zone (`tz`) clause [#10322]\n * Snapshots: Enable deletion of public snapshot [#14109]\n * Provisioning: Provisioning support for alert notifiers [#10487]\n * Explore: A whole new way to do ad-hoc metric queries and exploration. Split\n view in half and compare metrics & logs.\n * Auth: Replace remember me cookie solution for Grafana's builtin, LDAP and\n OAuth authentication with a solution based on short-lived tokens [#15303]\n * Search: Fix for issue with scrolling the 'tags filter' dropdown, fixes [#14486]\n * Prometheus: fix annotation always using 60s step regardless of\n dashboard range [#14795]\n * Annotations: Fix creating annotation when graph panel has no data points\n position the popup outside viewport [#13765]\n * Piechart/Flot: Fix multiple piechart instances with donut bug [#15062]\n * Postgres: Fix default port not added when port not configured [#15189]\n * Alerting: Fix crash bug when alert notifier folders are missing [#15295]\n * Dashboard: Fix save provisioned dashboard modal [#15219]\n * Dashboard: Fix having a long query in prometheus dashboard query editor\n * blocks 30% of the query field when on OSX and having native scrollbars\n [#15122]\n * Explore: Fix issue with wrapping on long queries [#15222]\n * Explore: Fix cut & paste adds newline before and after selection [#15223]\n * Dataproxy: Fix global data source proxy timeout not added to correct http\n client [#15258]\n * Text Panel: The text panel does no longer by default allow unsanitized\n HTML. [#4117]\n * Dashboard: Panel property `minSpan` replaced by `maxPerRow`. Dashboard\n * migration will automatically migrate all dashboard panels using the\n `minSpan` property to the new `maxPerRow` property [#12991]\n- Update to version 5.4.3\n * MySQL only update session in mysql database when required [#14540]\n * Alerting Invalid frequency causes division by zero in alert scheduler [#14810]\n * Dashboard Dashboard links do not update when time range changes [#14493]\n * Limits Support more than 1000 data sources per org [#13883]\n * Backend fix signed in user for orgId=0 result should return active org id [#14574]\n * Provisioning Adds orgId to user dto for provisioned dashboards [#14678]\n- Update to version 5.4.2\n * Data Source admin: Fix for issue creating new data source when same name\n exists [#14467]\n * OAuth: Fix for oauth auto login setting, can now be set using env variable [#14435]\n- Update to version 5.4.1\n * Stackdriver: Fix issue with data proxy and Authorization header [#14262]\n * Units: fixedUnit for Flow:l/min and mL/min [#14294]\n * Logging: Fix for issue where data proxy logged a secret when debug logging\n was enabled, now redacted. [#14319]\n * TSDB: Fix always take dashboard timezone into consideration when handle\n custom time ranges: Add support for alerting on InfluxDB queries that use\n the cumulative_sum function. [#14314]\n * Embedded Graphs: Iframe graph panels should now work as usual. [#14284]\n * Postgres: Improve PostgreSQL Query Editor if using different Schemas, [#14313]\n * Quotas: Fix updating org & user quotas. [#14347]\n * Cloudwatch: Add the AWS/SES Cloudwatch metrics of BounceRate and\n ComplaintRate to auto complete list. [#14401]\n * Dashboard Search: Fix filtering by tag issues.\n * Graph: Fix time region issues, [#14425]\n- Update to version 5.4.0\n * Cloudwatch: Fix invalid time range causes segmentation fault [#14150]\n * Cloudwatch: AWS/CodeBuild metrics and dimensions [#14167]\n * MySQL: Fix `$__timeFrom()` and `$__timeTo()` should respect local time zone [#14228]\n * Graph: Fix legend always visible even if configured to be hidden [#14144]\n * Elasticsearch: Fix regression when using data source version 6.0+ and\n alerting [#14175]\n * Alerting: Introduce alert debouncing with the `FOR` setting. [#7886]\n * Alerting: Option to disable OK alert notifications [#12330]\n * Postgres/MySQL/MSSQL: Adds support for configuration of max open/idle\n connections and connection max lifetime. Also, panels with multiple SQL\n queries will now be executed concurrently [#11711]\n * MySQL: Graphical query builder [#13762]\n * MySQL: Support connecting thru Unix socket for MySQL data source [#12342]\n * MSSQL: Add encrypt setting to allow configuration of how data sent between\n client and server are encrypted [#13629]\n * Stackdriver: Not possible to authenticate using GCE metadata server [#13669]\n * Teams: Team preferences (theme, home dashboard, timezone) support [#12550]\n * Graph: Time regions support enabling highlight of weekdays and/or certain\n timespans [#5930]\n * OAuth: Automatic redirect to sign-in with OAuth [#11893]\n * Stackdriver: Template query editor [#13561]\n * Security: Upgrade macaron session package to fix security issue. [#14043]\n * Postgres/MySQL/MSSQL data sources now per default uses `max open\n connections` = `unlimited` (earlier 10), `max idle connections` = `2`\n (earlier 10) and `connection max lifetime` = `4` hours (earlier unlimited).\n- Update to version 5.3.4\n * Alerting: Delete alerts when parent folder was deleted [#13322]\n * MySQL: Fix `$__timeFilter()` should respect local time zone [#13769]\n * Dashboard: Fix data source selection in panel by enter key [#13932]\n * Graph: Fix table legend height when positioned below graph and using\n Internet Explorer 11 [#13903]\n * Dataproxy: Drop origin and referer http headers [#13328]\n- Update to version 5.3.3\n * Fix file exfiltration vulnerability\n- Update to version 5.3.2\n * InfluxDB/Graphite/Postgres: Prevent XSS in query editor [#13667]\n * Postgres: Fix template variables error [#13692]\n * Cloudwatch: Fix service panic because of race conditions [#13674]\n * Cloudwatch: Fix check for invalid percentile statistics [#13633]\n * Stackdriver/Cloudwatch: Allow user to change unit in graph panel if\n cloudwatch/stackdriver data source response doesn't include unit [#13718]\n * Stackdriver: stackdriver user-metrics duplicated response when multiple\n resource types [#13691]\n * Variables: Fix text box template variable doesn't work properly without a\n default value [#13666]\n * Variables: Fix variable dependency check when using `${var}` format [#13600]\n * Dashboard: Fix kiosk=1 url parameter should put dashboard in kiosk mode [#13764]\n * LDAP: Fix super admins can also be admins of orgs [#13710]\n * Provisioning: Fix deleting provisioned dashboard folder should cleanup\n provisioning meta data [#13280]\n- Update to version 5.3.1\n * Render: Fix PhantomJS render of graph panel when legend displayed as table\n to the right [#13616]\n * Stackdriver: Filter option disappears after removing initial filter [#13607]\n * Elasticsearch: Fix no limit size in terms aggregation for alerting queries [#13172]\n * InfluxDB: Fix for annotation issue that caused text to be shown twice [#13553]\n * Variables: Fix nesting variables leads to exception and missing refresh [#13628]\n * Variables: Prometheus: Single letter labels are not supported [#13641]\n * Graph: Fix graph time formatting for Last 24h ranges [#13650]\n * Playlist: Fix cannot add dashboards with long names to playlist [#13464]\n * HTTP API: Fix /api/org/users so that query and limit querystrings works\n- Update to version 5.3.0\n * Stackdriver: Filter wildcards and regex matching are not yet supported [#13495]\n * Stackdriver: Support the distribution metric type for heatmaps [#13559]\n * Cloudwatch: Automatically set graph yaxis unit [#13575]\n * Stackdriver: Fix for missing ngInject [#13511]\n * Permissions: Fix for broken permissions selector [#13507]\n * Alerting: Alert reminders deduping not working as expected when running\n multiple Grafana instances [#13492]\n * Annotations: Enable template variables in tagged annotations queries [#9735]\n * Stackdriver: Support for Google Stackdriver data source [#13289]\n * Alerting: Notification reminders [#7330]\n * Dashboard: TV & Kiosk mode changes, new cycle view mode button in dashboard\n toolbar [#13025]\n * OAuth: Gitlab OAuth with support for filter by groups [#5623]\n * Postgres: Graphical query builder [#10095]\n * LDAP: Define Grafana Admin permission in ldap group mappings [#2469]\n * LDAP: Client certificates support [#12805]\n * Profile: List teams that the user is member of in current/active\n organization [#12476]\n * Configuration: Allow auto-assigning users to specific organization (other\n than Main. Org) [#1823]\n * Dataproxy: Pass configured/auth headers to a data source [#10971]\n * CloudWatch: GetMetricData support [#11487]\n * Postgres: TimescaleDB support, e.g. use `time_bucket` for grouping by time\n when option enabled [#12680]\n * Cleanup: Make temp file time to live configurable [#11607]\n * Postgres data source no longer automatically adds time column alias when\n using the $__timeGroup alias.\n * Kiosk mode now also hides submenu (variables)\n * ?inactive url parameter no longer supported, replaced with kiosk=tv url parameter\n * Dashboard: Auto fit dashboard panels to optimize space used for current TV\n or Monitor [#12768]\n * Frontend: Convert all Frontend Karma tests to Jest tests [#12224]\n * Backend: Upgrade to golang 1.11 [#13030]\n- Update to version 5.2.4\n * GrafanaCli: Fix issue with grafana-cli install plugin resulting in\n corrupt http response from source error. [#13079]\n- Update to version 5.2.3\n * Important fix for LDAP & OAuth login vulnerability\n- Update to version 5.2.2\n * Prometheus: Fix graph panel bar width issue in aligned prometheus queries [#12379]\n * Dashboard: Dashboard links not updated when changing variables [#12506]\n * Postgres/MySQL/MSSQL: Fix connection leak [#12636]\n * Plugins: Fix loading of external plugins [#12551]\n * Dashboard: Remove unwanted scrollbars in embedded panels [#12589]\n * Prometheus: Prevent error using \\$\\_\\_interval_ms in query [#12533]\n- Update to version 5.2.1\n * Auth Proxy: Important security fix for whitelist of IP address feature [#12444]\n * UI: Fix - Grafana footer overlapping page [#12430]\n * Logging: Errors should be reported before crashing [#12438]\n- Update to version 5.2.0\n * Plugins: Handle errors correctly when loading data source plugin [#12383]\n * Render: Enhance error message if phantomjs executable is not found [#11868]\n * Dashboard: Set correct text in drop down when variable is present in url [#11968]\n * LDAP: Handle 'dn' ldap attribute more gracefully [#12385]\n * Dashboard: Import dashboard to folder [#10796]\n * Permissions: Important security fix for API keys with viewer role [#12343]\n * Dashboard: Fix so panel titles doesn't wrap [#11074]\n * Dashboard: Prevent double-click when saving dashboard [#11963]\n * Dashboard: AutoFocus the add-panel search filter [#12189]\n * Units: W/m2 (energy), l/h (flow) and kPa (pressure) [#11233]\n * Units: Liter/min (flow) and milliLiter/min (flow) [#12282]\n * Alerting: Fix mobile notifications for Microsoft Teams alert notifier [#11484]\n * Influxdb: Add support for mode function [#12286]\n * Cloudwatch: Fix panic caused by bad timerange settings [#12199]\n * Auth Proxy: Whitelist proxy IP address instead of client IP address [#10707]\n * User Management: Make sure that a user always has a current org assigned [#11076]\n * Snapshots: Fix: annotations not properly extracted leading to incorrect\n rendering of annotations [#12278]\n * LDAP: Allow use of DN in group_search_filter_user_attribute and member_of [#3132]\n * Graph: Fix legend decimals precision calculation [#11792]\n * Dashboard: Make sure to process panels in collapsed rows when exporting\n dashboard [#12256]\n * Dashboard: Dashboard link doesn't work when 'As dropdown' option is checked [#12315]\n * Dashboard: Fix regressions after save modal changes, including adhoc\n template issues [#12240]\n * Elasticsearch: Alerting support [#5893]\n * Build: Crosscompile and packages Grafana on arm, windows, linux and darwin [#11920]\n * Login: Change admin password after first login [#11882]\n * Alert list panel: Updated to support filtering alerts by name, dashboard\n title, folder, tags [#11500]\n * Dashboard: Modified time range and variables are now not saved by default [#10748]\n * Graph: Show invisible highest value bucket in histogram [#11498]\n * Dashboard: Enable 'Save As...' if user has edit permission [#11625]\n * Prometheus: Query dates are now step-aligned [#10434]\n * Prometheus: Table columns order now changes when rearrange queries [#11690]\n * Variables: Fix variable interpolation when using multiple formatting types [#11800]\n * Dashboard: Fix date selector styling for dark/light theme in time picker\n control [#11616]\n * Discord: Alert notification channel type for Discord, [#7964]\n * InfluxDB: Support SELECT queries in templating query, [#5013]\n * InfluxDB: Support count distinct aggregation [#11645]\n * Dashboard: JSON Model under dashboard settings can now be updated & changes\n saved. [#1429]\n * Security: Fix XSS vulnerabilities in dashboard links [#11813]\n * Singlestat: Fix 'time of last point' shows local time when dashboard\n timezone set to UTC [#10338]\n * Prometheus: Add support for passing timeout parameter to Prometheus [#11788]\n * Login: Add optional option sign out url for generic oauth [#9847]\n * Login: Use proxy server from environment variable if available [#9703]\n * Invite users: Friendlier error message when smtp is not configured [#12087]\n * Graphite: Don't send distributed tracing headers when using direct/browser\n access mode [#11494]\n * Sidenav: Show create dashboard link for viewers if at least editor in one\n folder [#11858]\n * SQL: Second epochs are now correctly converted to ms. [#12085]\n * Singlestat: Fix singlestat threshold tooltip [#11971]\n * Dashboard: Hide grid controls in fullscreen/low-activity views [#11771]\n * Dashboard: Validate uid when importing dashboards [#11515]\n * Alert list panel: Show alerts for user with viewer role [#11167]\n * Provisioning: Verify checksum of dashboards before updating to reduce load\n on database [#11670]\n * Provisioning: Support symlinked files in dashboard provisioning config\n files [#11958]\n * Dashboard list panel: Search dashboards by folder [#11525]\n * Sidenav: Always show server admin link in sidenav if grafana admin [#11657]\n- Update to version 5.1.4\n * Permissions: Important security fix for API keys with viewer role [#12343]\n- Update to version 5.1.3\n * Scroll: Graph panel / legend texts shifts on the left each time we move\n scrollbar on firefox [#11830]\n- Update to version 5.1.2\n * Database: Fix MySql migration issue [#11862]\n * Google Analytics: Enable Google Analytics anonymizeIP setting for GDPR [#11656]\n- Update to version 5.1.1\n * LDAP: LDAP login with MariaDB/MySQL database and dn>100 chars not possible [#11754]\n * Build: AppVeyor Windows build missing version and commit info [#11758]\n * Scroll: Scroll can't start in graphs on Chrome mobile [#11710]\n * Units: Revert renaming of unit key ppm [#11743]\n- Update to version 5.1.0\n * Folders: Default permissions on folder are not shown as inherited in its\n dashboards [#11668]\n * Templating: Allow more than 20 previews when creating a variable [#11508]\n * Dashboard: Row edit icon not shown [#11466]\n * SQL: Unsupported data types for value column using time series query [#11703]\n * Prometheus: Prometheus query inspector expands to be very large on\n autocomplete queries [#11673]\n * MSSQL: New Microsoft SQL Server data source [#10093]\n * Prometheus: The heatmap panel now support Prometheus histograms [#10009]\n * Postgres/MySQL: Ability to insert 0s or nulls for missing intervals [#9487]\n * Postgres/MySQL/MSSQL: Fix precision for the time column in table mode [#11306]\n * Graph: Align left and right Y-axes to one level [#1271]\n * Graph: Thresholds for Right Y axis [#7107]\n * Graph: Support multiple series stacking in histogram mode [#8151]\n * Alerting: Pausing/un alerts now updates new_state_date [#10942]\n * Alerting: Support Pagerduty notification channel using Pagerduty V2 API [#10531]\n * Templating: Add comma templating format [#10632]\n * Prometheus: Show template variable candidate in query editor [#9210]\n * Prometheus: Support POST for query and query_range [#9859]\n * Alerting: Add support for retries on alert queries [#5855]\n * Table: Table plugin value mappings [#7119]\n * IE11: IE 11 compatibility [#11165]\n * Scrolling: Better scrolling experience [#11053]\n * Folders: A folder admin cannot add user/team permissions for folder/its\n dashboards [#11173]\n * Provisioning: Improved workflow for provisioned dashboards [#10883]\n * OpsGenie: Add triggered alerts as description [#11046]\n * Cloudwatch: Support high resolution metrics [#10925]\n * Cloudwatch: Add dimension filtering to CloudWatch `dimension_values()` [#10029]\n * Units: Second to HH:mm:ss formatter [#11107]\n * Singlestat: Add color to prefix and postfix in singlestat panel [#11143]\n * Dashboards: Version cleanup fails on old databases with many entries [#11278]\n * Server: Adjust permissions of unix socket [#11343]\n * Shortcuts: Add shortcut for duplicate panel [#11102]\n * AuthProxy: Support IPv6 in Auth proxy white list [#11330]\n * SMTP: Don't connect to STMP server using TLS unless configured. [#7189]\n * Prometheus: Escape backslash in labels correctly. [#10555]\n * Variables: Case-insensitive sorting for template values [#11128]\n * Annotations (native): Change default limit from 10 to 100 when querying api [#11569]\n * MySQL/Postgres/MSSQL: PostgreSQL data source generates invalid query with\n dates before 1970 [#11530]\n * Kiosk: Adds url parameter for starting a dashboard in inactive mode [#11228]\n * Dashboard: Enable closing timepicker using escape key [#11332]\n * Data Sources: Rename direct access mode in the data source settings [#11391]\n * Search: Display dashboards in folder indented [#11073]\n * Units: Use B/s instead Bps for Bytes per second [#9342]\n * Units: Radiation units [#11001]\n * Units: Timeticks unit [#11183]\n * Units: Concentration units and 'Normal cubic meter' [#11211]\n * Units: New currency - Czech koruna [#11384]\n * Avatar: Fix DISABLE_GRAVATAR option [#11095]\n * Heatmap: Disable log scale when using time time series buckets [#10792]\n * Provisioning: Remove `id` from json when provisioning dashboards, [#11138]\n * Prometheus: tooltip for legend format not showing properly [#11516]\n * Playlist: Empty playlists cannot be deleted [#11133]\n * Switch Orgs: Alphabetic order in Switch Organization modal [#11556]\n * Postgres: improve `$__timeFilter` macro [#11578]\n * Permission list: Improved ux [#10747]\n * Dashboard: Sizing and positioning of settings menu icons [#11572]\n * Dashboard: Add search filter/tabs to new panel control [#10427]\n * Folders: User with org viewer role should not be able to save/move\n dashboards in/to general folder [#11553]\n * Influxdb: Don't assume the first column in table response is time. [#11476]\n- Update to version 5.0.4\n * Dashboard Fix inability to link collapsed panels directly to [#11114]\n * Dashboard Provisioning dashboard with alert rules should create alerts [#11247]\n * Snapshots For snapshots, the Graph panel renders the legend incorrectly on\n right hand side [#11318]\n * Alerting Link back to Grafana returns wrong URL if root_path contains\n sub-path components [#11403]\n * Alerting Incorrect default value for upload images setting for alert\n notifiers [#11413]\n- Update to version 5.0.3\n * Mysql: Mysql panic occurring occasionally upon Grafana dashboard access (a\n bigger patch than the one in 5.0.2) [#11155]\n- Update to version 5.0.2\n * Mysql: Mysql panic occurring occasionally upon Grafana dashboard access [#11155]\n * Dashboards: Should be possible to browse dashboard using only uid [#11231]\n * Alerting: Fix bug where alerts from hidden panels where deleted [#11222]\n * Import: Fix bug where dashboards with alerts couldn't be imported [#11227]\n * Teams: Remove quota restrictions from teams [#11220]\n * Render: Fix bug with legacy url redirection for panel rendering [#11180]\n- Update to version 5.0.1\n * Postgres: PostgreSQL error when using ipv6 address as hostname in\n connection string [#11055]\n * Dashboards: Changing templated value from dropdown is causing unsaved\n changes [#11063]\n * Prometheus: Fix bundled Prometheus 2.0 dashboard [#11016]\n * Sidemenu: Profile menu 'invisible' when gravatar is disabled [#11097]\n * Dashboard: Fix a bug with resizable handles for panels [#11103]\n * Alerting: Telegram inline image mode fails when caption too long [#10975]\n * Alerting: Fix silent failing validation [#11145]\n * OAuth: Only use jwt token if it contains an email address [#11127]\n- Update to version 5.0.0\n * oauth Fix GitHub OAuth not working with private Organizations [#11028]\n * kiosk white area over bottom panels in kiosk mode [#11010]\n * alerting Fix OK state doesn't show up in Microsoft Teams [#11032]\n * Permissions Fix search permissions issues [#10822]\n * Permissions Fix problem issues displaying permissions lists [#10864]\n * PNG-Rendering Fix problem rendering legend to the right [#10526]\n * Reset password Fix problem with reset password form [#10870]\n * Light theme Fix problem with light theme in safari, [#10869]\n * Provisioning Now handles deletes when dashboard json files removed from\n disk [#10865]\n * MySQL: Fix issue with schema migration on old mysql (index too long) [#10779]\n * GitHub OAuth: Fix fetching github orgs from private github org [#10823]\n * Embedding:Fix issues with embedding panel [#10787]\n * Dashboards: Dashboard folders, [#1611]\n * Teams User groups (teams) implemented. Can be used in folder & dashboard\n permission list.\n\n * Dashboard grid: Panels are now laid out in a two dimensional grid (with x,\n y, w, h). [#9093]\n * Templating: Vertical repeat direction for panel repeats.\n * UX: Major update to page header and navigation\n * Dashboard settings: Combine dashboard settings views into one with side menu, [#9750]\n * Persistent dashboard url's: New url's for dashboards that allows renaming\n dashboards without breaking links. [#7883]\n * dashboard.json files have been replaced with dashboard provisioning API.\n * Config files for provisioning data sources as configuration have changed\n from /etc/grafana/conf/datasources to /etc/grafana/provisioning/datasources.\n * Pagerduty notifier now defaults to not auto resolve incidents. More details at [#10222]\n * `GET /api/alerts` property dashboardUri renamed to url\n * New grid engine for positioning dashboard panels\n * Alerting: Add support for internal image store [#6922]\n * Data Source Proxy: Add support for whitelisting specified cookies to be\n be passed through to the data source when proxying [#5457]\n * Postgres/MySQL: add \\_\\_timeGroup macro for mysql [#9596]\n * Text: Text panel are now edited in the ace editor. [#9698]\n * Teams: Add Microsoft Teams notifier as [#8523]\n * Data Sources: Its now possible to configure data sources with config files [#1789]\n * Graphite: Query editor updated to support new query by tag features [#9230]\n * Dashboard history: New config file option versions_to_keep sets how many\n versions per dashboard to store, [#9671]\n * Dashboard as cfg: Load dashboards from file into Grafana on startup/change [#9654]\n * Prometheus: Grafana can now send alerts to Prometheus Alertmanager while\n firing [#7481]\n * Table: Support multiple table formatted queries in table panel [#9170]\n * Security: Protect against brute force (frequent) login attempts [#7616]\n * Graph: Don't hide graph display options (Lines/Points) when draw mode is\n unchecked [#9770]\n * Alert panel: Adds placeholder text when no alerts are within the time range [#9624]\n * Mysql: MySQL enable MaxOpenCon and MaxIdleCon regards how constring is\n configured. [#9784]\n * Cloudwatch: Fix broken query inspector for cloudwatch [#9661]\n * Dashboard: Make it possible to start dashboards from search and dashboard\n list panel [#1871]\n * Annotations: Posting annotations now return the id of the annotation [#9798]\n * Systemd: Use systemd notification ready flag [#10024]\n * GitHub: Use organizations_url provided from github to verify user belongs\n in org. [#10111]\n * Backend: Fix bug where Grafana exited before all sub routines where finished [#10131]\n * Azure: Adds support for Azure blob storage as external image stor [#8955]\n * Telegram: Add support for inline image uploads to telegram notifier plugin [#9967]\n * Sensu: Send alert message to sensu output [#9551]\n * Singlestat: suppress error when result contains no datapoints [#9636]\n * Postgres/MySQL: Control quoting in SQL-queries when using template variables [#9030]\n * Pagerduty: Pagerduty don't auto resolve incidents by default anymore. [#10222]\n * Cloudwatch: Fix for multi-valued templated queries. [#9903]\n * RabbitMq: Remove support for publishing events to RabbitMQ [#9645]\n * API: GET /api/dashboards/db/:slug deprecated, use GET /api/dashboards/uid/:uid\n * API: DELETE /api/dashboards/db/:slug deprecated, use DELETE /api/dashboards/uid/:uid\n * API: `uri` property in GET /api/search deprecated, use `url` or `uid` property\n * API: `meta.slug` property in GET /api/dashboards/uid/:uid and GET\n /api/dashboards/db/:slug deprecated, use `meta.url` or `dashboard.uid` property\n\nChanges in grafana-natel-discrete-panel:\n- Add recompress source service\n- Add set_version source service\n- Enable changesgenerate for tar_scm source service\n- Update to version 0.0.9:\n * split commands\n * put back the history\n\nChanges in openstack-cinder:\n- Update to version cinder-11.2.3.dev29:\n * Remove VxFlex OS credentials from connection\\_properties\n * Fix stable/pike gate\n * tintri: Enable SSL with requests\n * [Unity] Fix TypeError for test case test\\_delete\\_host\\_wo\\_lock\n\nChanges in openstack-cinder:\n- Update to version cinder-11.2.3.dev29:\n * Remove VxFlex OS credentials from connection\\_properties\n * Fix stable/pike gate\n * tintri: Enable SSL with requests\n * [Unity] Fix TypeError for test case test\\_delete\\_host\\_wo\\_lock\n\nChanges in openstack-monasca-installer:\n- Add 0001-Add-support-for-ansible-2.9.patch\n\nChanges in openstack-neutron:\n- Update to version neutron-11.0.9.dev69:\n * Do not block connection between br-int and br-phys on startup\n * [EM releases] Move non-voting jobs to the experimental queue\n\n- Update to version neutron-11.0.9.dev66:\n * Fix pike gates, multiple fixes\n\nChanges in openstack-neutron:\n- Add 0001-Ensure-drop-flows-on-br-int-at-agent-startup-for-DVR-too.patch (LP#1887148)\n\n- Update to version neutron-11.0.9.dev69:\n * Do not block connection between br-int and br-phys on startup\n * [EM releases] Move non-voting jobs to the experimental queue\n\n- Update to version neutron-11.0.9.dev66:\n * Fix pike gates, multiple fixes\n\nChanges in openstack-nova:\n- Update to version nova-16.1.9.dev76:\n * Removed the host FQDN from the exception message\n\n- Update to version nova-16.1.9.dev74:\n * libvirt: Provide VIR\\_MIGRATE\\_PARAM\\_PERSIST\\_XML during live migration\n\n- Update to version nova-16.1.9.dev73:\n * Fix os-simple-tenant-usage result order\n\n- Update to version nova-16.1.9.dev71:\n * Fix false ERROR message at compute restart\n\n- Update to version nova-16.1.9.dev69:\n * Check cherry-pick hashes in pep8 tox target\n\n- Update to version nova-16.1.9.dev67:\n * libvirt: Do not reraise DiskNotFound exceptions during resize\n\n- Update to version nova-16.1.9.dev66:\n * Clean up allocation if unshelve fails due to neutron\n * Reproduce bug 1862633\n\n- Update to version nova-16.1.9.dev64:\n * Init HostState.failed\\_builds\n\n- Update to version nova-16.1.9.dev62:\n * Fix os\\_CODENAME detection and repo refresh during ceph tests\n\nChanges in openstack-nova:\n- Update to version nova-16.1.9.dev76:\n * Removed the host FQDN from the exception message\n\n- Rebased patches:\n + 0004-Provide-VIR_MIGRATE_PARAM_PERSIST_XML-during-live-migration.patch dropped (merged upstream)\n\n- Update to version nova-16.1.9.dev74:\n * libvirt: Provide VIR\\_MIGRATE\\_PARAM\\_PERSIST\\_XML during live migration\n\n- Add 0004-Provide-VIR_MIGRATE_PARAM_PERSIST_XML-during-live-migration.patch\n * (bsc#1175484, CVE-2020-17376)\n\n- Update to version nova-16.1.9.dev73:\n * Fix os-simple-tenant-usage result order\n\n- Update to version nova-16.1.9.dev71:\n * Fix false ERROR message at compute restart\n\n- Update to version nova-16.1.9.dev69:\n * Check cherry-pick hashes in pep8 tox target\n\n- Update to version nova-16.1.9.dev67:\n * libvirt: Do not reraise DiskNotFound exceptions during resize\n\n- Update to version nova-16.1.9.dev66:\n * Clean up allocation if unshelve fails due to neutron\n * Reproduce bug 1862633\n\n- Update to version nova-16.1.9.dev64:\n * Init HostState.failed\\_builds\n\n- Update to version nova-16.1.9.dev62:\n * Fix os\\_CODENAME detection and repo refresh during ceph tests\n\nChanges in python-Django:\n- Update to version 1.11.29 (bsc#1161919, CVE-2020-7471, bsc#1165022, CVE-2020-9402, bsc#1159447, CVE-2019-19844)\n * Fixed CVE-2020-9402 -- Properly escaped tolerance parameter in GIS functions and aggregates on Oracle.\n * Pinned PyYAML < 5.3 in test requirements.\n * Fixed CVE-2020-7471 -- Properly escaped StringAgg(delimiter) parameter.\n * Fixed timezones tests for PyYAML 5.3+.\n * Fixed CVE-2019-19844 -- Used verified user email for password reset requests.\n * Fixed #31073 -- Prevented CheckboxInput.get_context() from mutating attrs.\n * Fixed #30826 -- Fixed crash of many JSONField lookups when one hand side is key transform.\n * Fixed #30769 -- Fixed a crash when filtering against a subquery JSON/HStoreField annotation.\n * Fixed #30672 -- Fixed crash of JSONField/HStoreField key transforms on expressions with params.\n\n * Added patch CVE-2020-13254.patch\n * Added patch CVE-2020-13596.patch\nChanges in python-Flask-Cors:\n- Add patches to fix a relative directory traversal issue\n (boo#1175986, CVE-2020-25032):\n * 0001-Handle-request_headers-None.patch\n * 0002-Fix-request-path-normalization.patch\n\nChanges in python-Pillow:\n- Add 011-Fix-OOB-reads-in-FLI-decoding.patch\n * From upstream, backported\n * Fixes CVE-2020-10177, bsc#1173413\n- Add 012-Fix-bounds-overflow-in-JPEG-2000-decoding.patch\n * From upstream, backported\n * Fixes CVE-2020-10994, bsc#1173418\n- Add 013-Fix-bounds-overflow-in-PCX-decoding.patch\n * From upstream, backported\n * Fixes CVE-2020-10378, bsc#1173416\n\nChanges in python-ardana-packager:\n- fetch updated nova_host_aggregate from git\n - Add missing novaclient required domain entries (bsc#1174006) \n\nChanges in python-keystoneclient:\n- add 2020-tests-pass.patch:\n - Make tests pass in 2020 \n\n- update to version 3.13.1\n - Updated from global requirements\n - Update .gitreview for stable/pike\n - Update UPPER_CONSTRAINTS_FILE for stable/pike\n - import zuul job settings from project-config\n - Avoid tox_install.sh for constraints support\n\nChanges in python-keystonemiddleware:\n- added 0001-Make-tests-pass-in-2022.patch\n- removed 0001-Add-use_oslo_messaging-option.patch\n\n- update to version 4.17.1\n - Update .gitreview for stable/pike\n - Update UPPER_CONSTRAINTS_FILE for stable/pike\n - Add option to disable using oslo_message notifier\n - Fix docs builds\n - Updated from global requirements\n - import zuul job settings from project-config\n\nChanges in python-kombu:\n- Add 0001-Fix-failing-unittests-of-pyamqp-transport.patch\n\nChanges in python-straight-plugin:\n\n- Add pip_no_plugins.patch to avoid error: 'UnboundLocalError:\n local variable 'r' referenced before assignment', when there\n is no plugin available.\n\n- Initial packaging\n\nChanges in python-urllib3:\n- Update urllib3-fix-test-urls.patch. Adjust to match upstream solution.\n\n- Add urllib3-fix-test-urls.patch. Fix tests failing on python checks for\n CVE-2019-9740.\n\n- Add urllib3-cve-2020-26137.patch. Don't allow control chars in request\n method. (bsc#1177120, CVE-2020-26137)\n\nChanges in release-notes-suse-openstack-cloud:\n- Update to version 8.20200922:\n * postgreSQL db replace changes are updated for suse openstack cloud section (SOC-11000)\n\nChanges in storm:\n- Fix duplicate BuildRequire on storm-kit\n- update to 1.2.3 (SOC-9974, CVE-2019-0202, SOC-9998, CVE-2018-11779):\n * 1.2.3\n * [STORM-3233] - Upgrade zookeeper client to newest version (3.4.13)\n * [STORM-3077] - Upgrade Disruptor version to 3.3.11\n * [STORM-3083] - Upgrade HikariCP version to 2.4.7\n * [STORM-3094] - Topology name needs to be validated at storm-client\n * [STORM-3222] - Fix KafkaSpout internals to use LinkedList instead of ArrayList\n * [STORM-3292] - Trident HiveState must flush writers when the batch commits\n * [STORM-3013] - Deactivated topology restarts if data flows into Kafka\n * [STORM-3028] - HdfsSpout does not handle empty files in case of ack enabled\n * [STORM-3046] - Getting a NPE leading worker to die when starting a topology.\n * [STORM-3047] - Ensure Trident emitter refreshPartitions is only called with partitions assigned to the emitter\n * [STORM-3055] - never refresh connection\n * [STORM-3068] - STORM_JAR_JVM_OPTS are not passed to storm-kafka-monitor properly\n * [STORM-3082] - NamedTopicFilter can't handle topics that don't exist yet\n * [STORM-3087] - FluxBuilder.canInvokeWithArgs is too permissive when the method parameter type is a primitive\n * [STORM-3090] - The same offset value is used by the same partition number of different topics.\n * [STORM-3097] - Remove storm-druid in 2.x and deprecate support for it in 1.x\n * [STORM-3102] - Storm Kafka Client performance issues with Kafka Client v1.0.0\n * [STORM-3109] - Wrong canonical path set to STORM_LOCAL_DIR in storm kill_workers\n * [STORM-3110] - Supervisor does not kill all worker processes in secure mode in case of user mismatch\n * [STORM-3121] - Fix flaky metrics tests in storm-core\n * [STORM-3122] - FNFE due to race condition between 'async localizer' and 'update blob' timer thread\n * [STORM-3123] - Storm Kafka Monitor does not work with Kafka over two-way SSL\n * [STORM-3161] - Local mode should force setting min replication count to 1\n * [STORM-3164] - Multilang storm.py uses traceback.format_exc incorrectly\n * [STORM-3184] - Storm supervisor log showing keystore and truststore password in plaintext\n * [STORM-3201] - kafka spout lag on UI needs some cleanup\n * [STORM-3301] - The KafkaSpout can in some cases still replay tuples that were already committed\n * [STORM-3381] - Upgrading to Zookeeper 3.4.14 added an LGPL dependency\n * [STORM-3384] - storm set-log-level command throws wrong exception when the topology is not running\n * [STORM-3086] - Update Flux documentation to demonstrate static factory methods (STORM-2796)\n * [STORM-3089] - Document worker hooks on the hooks page\n * [STORM-3199] - Metrics-ganglia depends on an LGPL library, so we shouldn't depend on it\n * [STORM-3289] - Add note about KAFKA-7044 to storm-kafka-client compatibility docs\n * [STORM-3330] - Migrate parts of storm-webapp, and reduce use of mocks for files\n * 1.2.2\n * [STORM-3026] - Upgrade ZK instance for security\n * [STORM-3027] - Make Impersonation Optional\n * [STORM-2896] - Support automatic migration of offsets from storm-kafka to storm-kafka-client KafkaSpout\n * [STORM-2997] - Add logviewer ssl module in SECURITY.md\n * [STORM-3006] - Distributed RPC documentation needs an update\n * [STORM-3011] - Use default bin path in flight.bash if $JAVA_HOME is undefined\n * [STORM-3022] - Decouple storm-hive UTs with Hive\n * [STORM-3039] - Ports of killed topologies remain in TIME_WAIT state preventing to start new topology\n * [STORM-3069] - Allow users to specify maven local repository directory for storm submit tool\n * [STORM-2911] - SpoutConfig is serializable but does not declare a serialVersionUID field\n * [STORM-2967] - Upgrade jackson to latest version 2.9.4\n * [STORM-2968] - Exclude a few unwanted jars from storm-autocreds\n * [STORM-2978] - The fix for STORM-2706 is broken, and adds a transitive dependency on Zookeeper 3.5.3-beta for projects that depend on e.g. storm-kafka\n * [STORM-2979] - WorkerHooks EOFException during run_worker_shutdown_hooks\n * [STORM-2981] - Upgrade Curator to lastest patch version\n * [STORM-2985] - Add jackson-annotations to dependency management\n * [STORM-2988] - 'Error on initialization of server mk-worker' when using org.apache.storm.metrics2.reporters.JmxStormReporter on worker\n * [STORM-2989] - LogCleaner should preserve current worker.log.metrics\n * [STORM-2993] - Storm HDFS bolt throws ClosedChannelException when Time rotation policy is used\n * [STORM-2994] - KafkaSpout consumes messages but doesn't commit offsets\n * [STORM-3043] - NullPointerException thrown in SimpleRecordTranslator.apply()\n * [STORM-3052] - Let blobs un archive\n * [STORM-3059] - KafkaSpout throws NPE when hitting a null tuple if the processing guarantee is not AT_LEAST_ONCE\n * [STORM-2960] - Better to stress importance of setting up proper OS account for Storm processes\n * [STORM-3060] - Configuration mapping between storm-kafka & storm-kafka-client\n * [STORM-2952] - Deprecate storm-kafka in 1.x\n * [STORM-3005] - [DRPC] LinearDRPCTopologyBuilder shouldn't be deprecated\n\nChanges in storm-kit:\n- Add _constraints to prevent build from running out of disk space\n\n- Updated kit for storm-1.2.3\n\nChanges in venv-openstack-cinder:\n- Ensure that python-swiftclient is pulled into the built venv\n via an explicit BuildRequires directive. (SOC-10522)\n\nChanges in venv-openstack-swift:\n- Ensure that python-oslo.log is pulled into the built venv by\n explicitly requiring the package using a BuildRequires entry.\n\n ", title: "Description of the patch", }, { category: "details", text: "HPE-Helion-OpenStack-8-2020-3309,SUSE-2020-3309,SUSE-OpenStack-Cloud-8-2020-3309,SUSE-OpenStack-Cloud-Crowbar-8-2020-3309", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_3309-1.json", }, { category: "self", summary: "URL for SUSE-SU-2020:3309-1", url: "https://www.suse.com/support/update/announcement/2020/suse-su-20203309-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2020:3309-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007763.html", }, { category: "self", summary: "SUSE Bug 1008037", url: "https://bugzilla.suse.com/1008037", }, { category: "self", summary: "SUSE Bug 1008038", url: "https://bugzilla.suse.com/1008038", }, { category: "self", summary: "SUSE Bug 1010940", url: "https://bugzilla.suse.com/1010940", }, { category: "self", summary: "SUSE Bug 1019021", url: "https://bugzilla.suse.com/1019021", }, { category: "self", summary: "SUSE Bug 1038785", url: "https://bugzilla.suse.com/1038785", }, { category: "self", summary: "SUSE Bug 1056094", url: "https://bugzilla.suse.com/1056094", }, { category: "self", summary: "SUSE Bug 1059235", url: "https://bugzilla.suse.com/1059235", }, { category: "self", summary: "SUSE Bug 1080682", url: "https://bugzilla.suse.com/1080682", }, { category: "self", summary: "SUSE Bug 1097775", url: "https://bugzilla.suse.com/1097775", }, { category: "self", summary: "SUSE Bug 1102126", url: "https://bugzilla.suse.com/1102126", }, { category: "self", summary: "SUSE Bug 1109957", url: "https://bugzilla.suse.com/1109957", }, { category: "self", summary: "SUSE Bug 1112959", url: "https://bugzilla.suse.com/1112959", }, { category: "self", summary: "SUSE Bug 1117080", url: "https://bugzilla.suse.com/1117080", }, { category: "self", summary: "SUSE Bug 1118896", url: "https://bugzilla.suse.com/1118896", }, { category: "self", summary: "SUSE Bug 1123561", url: "https://bugzilla.suse.com/1123561", }, { category: "self", summary: "SUSE Bug 1126503", url: "https://bugzilla.suse.com/1126503", }, { category: "self", summary: "SUSE Bug 1137479", url: "https://bugzilla.suse.com/1137479", }, { category: "self", summary: "SUSE Bug 1137528", url: "https://bugzilla.suse.com/1137528", }, { category: "self", summary: "SUSE Bug 1142121", url: "https://bugzilla.suse.com/1142121", }, { category: "self", summary: "SUSE Bug 1142542", url: "https://bugzilla.suse.com/1142542", }, { category: "self", summary: "SUSE Bug 1144453", url: "https://bugzilla.suse.com/1144453", }, { category: "self", summary: "SUSE Bug 1153452", url: "https://bugzilla.suse.com/1153452", }, { category: "self", summary: "SUSE Bug 1154231", url: "https://bugzilla.suse.com/1154231", }, { category: "self", summary: "SUSE Bug 1154232", url: "https://bugzilla.suse.com/1154232", }, { category: "self", summary: "SUSE Bug 1154830", url: "https://bugzilla.suse.com/1154830", }, { category: "self", summary: "SUSE Bug 1157968", url: "https://bugzilla.suse.com/1157968", }, { category: "self", summary: "SUSE Bug 1157969", url: "https://bugzilla.suse.com/1157969", }, { category: "self", summary: "SUSE Bug 1159447", url: "https://bugzilla.suse.com/1159447", }, { category: "self", summary: "SUSE Bug 1161919", url: "https://bugzilla.suse.com/1161919", }, { category: "self", summary: "SUSE Bug 1164133", url: "https://bugzilla.suse.com/1164133", }, { category: "self", summary: "SUSE Bug 1164134", url: "https://bugzilla.suse.com/1164134", }, { category: "self", summary: "SUSE Bug 1164135", url: "https://bugzilla.suse.com/1164135", }, { category: "self", summary: "SUSE Bug 1164136", url: "https://bugzilla.suse.com/1164136", }, { category: "self", summary: "SUSE Bug 1164137", url: "https://bugzilla.suse.com/1164137", }, { category: "self", summary: "SUSE Bug 1164138", url: "https://bugzilla.suse.com/1164138", }, { category: "self", summary: "SUSE Bug 1164139", url: "https://bugzilla.suse.com/1164139", }, { category: "self", summary: "SUSE Bug 1164140", url: "https://bugzilla.suse.com/1164140", }, { category: "self", summary: "SUSE Bug 1165022", url: "https://bugzilla.suse.com/1165022", }, { category: "self", summary: "SUSE Bug 1165393", url: "https://bugzilla.suse.com/1165393", }, { category: "self", summary: "SUSE Bug 1166389", url: "https://bugzilla.suse.com/1166389", }, { category: "self", summary: "SUSE Bug 1167440", url: "https://bugzilla.suse.com/1167440", }, { category: "self", summary: "SUSE Bug 1167532", url: "https://bugzilla.suse.com/1167532", }, { category: "self", summary: "SUSE Bug 1171162", url: "https://bugzilla.suse.com/1171162", }, { category: "self", summary: "SUSE Bug 1171823", url: "https://bugzilla.suse.com/1171823", }, { category: "self", summary: "SUSE Bug 1172450", url: "https://bugzilla.suse.com/1172450", }, { category: "self", summary: "SUSE Bug 1173413", url: "https://bugzilla.suse.com/1173413", }, { category: "self", summary: "SUSE Bug 1173416", url: "https://bugzilla.suse.com/1173416", }, { category: "self", summary: "SUSE Bug 1173418", url: "https://bugzilla.suse.com/1173418", }, { category: "self", summary: "SUSE Bug 1174006", url: "https://bugzilla.suse.com/1174006", }, { category: "self", summary: "SUSE Bug 1174145", url: "https://bugzilla.suse.com/1174145", }, { category: "self", summary: "SUSE Bug 1174242", url: "https://bugzilla.suse.com/1174242", }, { category: "self", summary: "SUSE Bug 1174302", url: "https://bugzilla.suse.com/1174302", }, { category: "self", summary: "SUSE Bug 1174583", url: "https://bugzilla.suse.com/1174583", }, { category: "self", summary: "SUSE Bug 1175484", url: "https://bugzilla.suse.com/1175484", }, { category: "self", summary: "SUSE Bug 1175986", url: "https://bugzilla.suse.com/1175986", }, { category: "self", summary: "SUSE Bug 1175993", url: "https://bugzilla.suse.com/1175993", }, { category: "self", summary: "SUSE Bug 1177120", url: "https://bugzilla.suse.com/1177120", }, { category: "self", summary: "SUSE Bug 1177948", url: "https://bugzilla.suse.com/1177948", }, { category: "self", summary: "SUSE CVE CVE-2016-8614 page", url: "https://www.suse.com/security/cve/CVE-2016-8614/", }, { category: "self", summary: "SUSE CVE CVE-2016-8628 page", url: "https://www.suse.com/security/cve/CVE-2016-8628/", }, { category: "self", summary: "SUSE CVE CVE-2016-8647 page", url: "https://www.suse.com/security/cve/CVE-2016-8647/", }, { category: "self", summary: "SUSE CVE CVE-2016-9587 page", url: "https://www.suse.com/security/cve/CVE-2016-9587/", }, { category: "self", summary: "SUSE CVE CVE-2017-7466 page", url: "https://www.suse.com/security/cve/CVE-2017-7466/", }, { category: "self", summary: "SUSE CVE CVE-2017-7550 page", url: "https://www.suse.com/security/cve/CVE-2017-7550/", }, { category: "self", summary: "SUSE CVE CVE-2018-10875 page", url: "https://www.suse.com/security/cve/CVE-2018-10875/", }, { category: "self", summary: "SUSE CVE CVE-2018-11779 page", url: "https://www.suse.com/security/cve/CVE-2018-11779/", }, { category: "self", summary: "SUSE CVE CVE-2018-16837 page", url: "https://www.suse.com/security/cve/CVE-2018-16837/", }, { category: "self", summary: "SUSE CVE CVE-2018-16859 page", url: "https://www.suse.com/security/cve/CVE-2018-16859/", }, { category: "self", summary: "SUSE CVE CVE-2018-16876 page", url: "https://www.suse.com/security/cve/CVE-2018-16876/", }, { category: "self", summary: "SUSE CVE CVE-2018-18623 page", url: "https://www.suse.com/security/cve/CVE-2018-18623/", }, { category: "self", summary: "SUSE CVE CVE-2018-18624 page", url: "https://www.suse.com/security/cve/CVE-2018-18624/", }, { category: "self", summary: "SUSE CVE CVE-2018-18625 page", url: "https://www.suse.com/security/cve/CVE-2018-18625/", }, { category: "self", summary: "SUSE CVE CVE-2019-0202 page", url: "https://www.suse.com/security/cve/CVE-2019-0202/", }, { category: "self", summary: "SUSE CVE CVE-2019-10156 page", url: "https://www.suse.com/security/cve/CVE-2019-10156/", }, { category: "self", summary: "SUSE CVE CVE-2019-10206 page", url: "https://www.suse.com/security/cve/CVE-2019-10206/", }, { category: "self", summary: "SUSE CVE CVE-2019-10217 page", url: "https://www.suse.com/security/cve/CVE-2019-10217/", }, { category: "self", summary: "SUSE CVE CVE-2019-14846 page", url: "https://www.suse.com/security/cve/CVE-2019-14846/", }, { category: "self", summary: "SUSE CVE CVE-2019-14856 page", url: "https://www.suse.com/security/cve/CVE-2019-14856/", }, { category: "self", summary: "SUSE CVE CVE-2019-14858 page", url: "https://www.suse.com/security/cve/CVE-2019-14858/", }, { category: "self", summary: "SUSE CVE CVE-2019-14864 page", url: "https://www.suse.com/security/cve/CVE-2019-14864/", }, { category: "self", summary: "SUSE CVE CVE-2019-14904 page", url: "https://www.suse.com/security/cve/CVE-2019-14904/", }, { category: "self", summary: "SUSE CVE CVE-2019-14905 page", url: "https://www.suse.com/security/cve/CVE-2019-14905/", }, { category: "self", summary: "SUSE CVE CVE-2019-19844 page", url: "https://www.suse.com/security/cve/CVE-2019-19844/", }, { category: "self", summary: "SUSE CVE CVE-2019-3828 page", url: "https://www.suse.com/security/cve/CVE-2019-3828/", }, { category: "self", summary: "SUSE CVE CVE-2020-10177 page", url: "https://www.suse.com/security/cve/CVE-2020-10177/", }, { category: "self", summary: "SUSE CVE CVE-2020-10378 page", url: "https://www.suse.com/security/cve/CVE-2020-10378/", }, { category: "self", summary: "SUSE CVE CVE-2020-10684 page", url: "https://www.suse.com/security/cve/CVE-2020-10684/", }, { category: "self", summary: "SUSE CVE CVE-2020-10685 page", url: "https://www.suse.com/security/cve/CVE-2020-10685/", }, { category: "self", summary: "SUSE CVE CVE-2020-10691 page", url: "https://www.suse.com/security/cve/CVE-2020-10691/", }, { category: "self", summary: "SUSE CVE CVE-2020-10729 page", url: "https://www.suse.com/security/cve/CVE-2020-10729/", }, { category: "self", summary: "SUSE CVE CVE-2020-10744 page", url: "https://www.suse.com/security/cve/CVE-2020-10744/", }, { category: "self", summary: "SUSE CVE CVE-2020-10994 page", url: "https://www.suse.com/security/cve/CVE-2020-10994/", }, { category: "self", summary: "SUSE CVE CVE-2020-11110 page", url: "https://www.suse.com/security/cve/CVE-2020-11110/", }, { category: "self", summary: "SUSE CVE CVE-2020-14330 page", url: "https://www.suse.com/security/cve/CVE-2020-14330/", }, { category: "self", summary: "SUSE CVE CVE-2020-14332 page", url: "https://www.suse.com/security/cve/CVE-2020-14332/", }, { category: "self", summary: "SUSE CVE CVE-2020-14365 page", url: "https://www.suse.com/security/cve/CVE-2020-14365/", }, { category: "self", summary: "SUSE CVE CVE-2020-1733 page", url: "https://www.suse.com/security/cve/CVE-2020-1733/", }, { category: "self", summary: "SUSE CVE CVE-2020-1734 page", url: "https://www.suse.com/security/cve/CVE-2020-1734/", }, { category: "self", summary: "SUSE CVE CVE-2020-1735 page", url: "https://www.suse.com/security/cve/CVE-2020-1735/", }, { category: "self", summary: "SUSE CVE CVE-2020-1736 page", url: "https://www.suse.com/security/cve/CVE-2020-1736/", }, { category: "self", summary: "SUSE CVE CVE-2020-1737 page", url: "https://www.suse.com/security/cve/CVE-2020-1737/", }, { category: "self", summary: "SUSE CVE CVE-2020-17376 page", url: "https://www.suse.com/security/cve/CVE-2020-17376/", }, { category: "self", summary: "SUSE CVE CVE-2020-1738 page", url: "https://www.suse.com/security/cve/CVE-2020-1738/", }, { category: "self", summary: "SUSE CVE CVE-2020-1739 page", url: "https://www.suse.com/security/cve/CVE-2020-1739/", }, { category: "self", summary: "SUSE CVE CVE-2020-1740 page", url: "https://www.suse.com/security/cve/CVE-2020-1740/", }, { category: "self", summary: "SUSE CVE CVE-2020-1746 page", url: "https://www.suse.com/security/cve/CVE-2020-1746/", }, { category: "self", summary: "SUSE CVE CVE-2020-1753 page", url: "https://www.suse.com/security/cve/CVE-2020-1753/", }, { category: "self", summary: "SUSE CVE CVE-2020-25032 page", url: "https://www.suse.com/security/cve/CVE-2020-25032/", }, { category: "self", summary: "SUSE CVE CVE-2020-26137 page", url: "https://www.suse.com/security/cve/CVE-2020-26137/", }, { category: "self", summary: "SUSE CVE CVE-2020-7471 page", url: "https://www.suse.com/security/cve/CVE-2020-7471/", }, { category: "self", summary: "SUSE CVE CVE-2020-9402 page", url: "https://www.suse.com/security/cve/CVE-2020-9402/", }, ], title: "Security update for ansible, ardana-ansible, ardana-cinder, ardana-glance, ardana-mq, ardana-nova, ardana-osconfig, crowbar-core, crowbar-openstack, documentation-suse-openstack-cloud, grafana, grafana-natel-discrete-panel, openstack-cinder, openstack-monasca-installer, openstack-neutron, openstack-nova, python-Django, python-Flask-Cors, python-Pillow, python-ardana-packager, python-keystoneclient, python-keystonemiddleware, python-kombu, python-straight-plugin, python-urllib3, release-notes-suse-openstack-cloud, storm, storm-kit, venv-openstack-cinder, venv-openstack-swift", tracking: { current_release_date: "2020-11-12T14:17:34Z", generator: { date: "2020-11-12T14:17:34Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2020:3309-1", initial_release_date: "2020-11-12T14:17:34Z", revision_history: [ { date: "2020-11-12T14:17:34Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "ansible-2.9.14-3.15.1.aarch64", product: { name: "ansible-2.9.14-3.15.1.aarch64", product_id: "ansible-2.9.14-3.15.1.aarch64", }, }, { category: "product_version", name: "ansible-doc-2.9.14-3.15.1.aarch64", product: { name: "ansible-doc-2.9.14-3.15.1.aarch64", product_id: "ansible-doc-2.9.14-3.15.1.aarch64", }, }, { category: "product_version", name: "ansible-test-2.9.14-3.15.1.aarch64", product: { name: "ansible-test-2.9.14-3.15.1.aarch64", product_id: "ansible-test-2.9.14-3.15.1.aarch64", }, }, { category: "product_version", name: "crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.aarch64", product: { name: "crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.aarch64", product_id: "crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.aarch64", }, }, { category: "product_version", name: "crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.aarch64", product: { name: "crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.aarch64", product_id: "crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.aarch64", }, }, { category: "product_version", name: "crowbar-core-devel-5.0+git.1600432272.b3ad722f0-3.44.1.aarch64", product: { name: "crowbar-core-devel-5.0+git.1600432272.b3ad722f0-3.44.1.aarch64", product_id: "crowbar-core-devel-5.0+git.1600432272.b3ad722f0-3.44.1.aarch64", }, }, { category: "product_version", name: "go1.14-1.14.10-1.3.2.aarch64", product: { name: "go1.14-1.14.10-1.3.2.aarch64", product_id: "go1.14-1.14.10-1.3.2.aarch64", }, }, { category: "product_version", name: "go1.14-doc-1.14.10-1.3.2.aarch64", product: { name: "go1.14-doc-1.14.10-1.3.2.aarch64", product_id: "go1.14-doc-1.14.10-1.3.2.aarch64", }, }, { category: "product_version", name: "grafana-6.7.4-4.12.1.aarch64", product: { name: "grafana-6.7.4-4.12.1.aarch64", product_id: "grafana-6.7.4-4.12.1.aarch64", }, }, { category: "product_version", name: "python-Pillow-4.2.1-3.9.2.aarch64", product: { name: "python-Pillow-4.2.1-3.9.2.aarch64", product_id: "python-Pillow-4.2.1-3.9.2.aarch64", }, }, { category: "product_version", name: "python3-Pillow-4.2.1-3.9.2.aarch64", product: { name: "python3-Pillow-4.2.1-3.9.2.aarch64", product_id: "python3-Pillow-4.2.1-3.9.2.aarch64", }, }, { category: "product_version", name: "ruby2.1-rubygem-crowbar-client-3.9.3-1.1.aarch64", product: { name: "ruby2.1-rubygem-crowbar-client-3.9.3-1.1.aarch64", product_id: "ruby2.1-rubygem-crowbar-client-3.9.3-1.1.aarch64", }, }, { category: "product_version", name: "ruby2.1-rubygem-crowbar-client-doc-3.9.3-1.1.aarch64", product: { name: "ruby2.1-rubygem-crowbar-client-doc-3.9.3-1.1.aarch64", product_id: "ruby2.1-rubygem-crowbar-client-doc-3.9.3-1.1.aarch64", }, }, { category: "product_version", name: "ruby2.1-rubygem-crowbar-client-testsuite-3.9.3-1.1.aarch64", product: { name: "ruby2.1-rubygem-crowbar-client-testsuite-3.9.3-1.1.aarch64", product_id: "ruby2.1-rubygem-crowbar-client-testsuite-3.9.3-1.1.aarch64", }, }, { category: "product_version", name: "storm-1.2.3-3.6.1.aarch64", product: { name: "storm-1.2.3-3.6.1.aarch64", product_id: "storm-1.2.3-3.6.1.aarch64", }, }, { category: "product_version", name: "storm-doc-1.2.3-3.6.1.aarch64", product: { name: "storm-doc-1.2.3-3.6.1.aarch64", product_id: "storm-doc-1.2.3-3.6.1.aarch64", }, }, { category: "product_version", name: "storm-logviewer-1.2.3-3.6.1.aarch64", product: { name: "storm-logviewer-1.2.3-3.6.1.aarch64", product_id: "storm-logviewer-1.2.3-3.6.1.aarch64", }, }, { category: "product_version", name: "storm-nimbus-1.2.3-3.6.1.aarch64", product: { name: "storm-nimbus-1.2.3-3.6.1.aarch64", product_id: "storm-nimbus-1.2.3-3.6.1.aarch64", }, }, { category: "product_version", name: "storm-pacemaker-1.2.3-3.6.1.aarch64", product: { name: "storm-pacemaker-1.2.3-3.6.1.aarch64", product_id: "storm-pacemaker-1.2.3-3.6.1.aarch64", }, }, { category: "product_version", name: "storm-supervisor-1.2.3-3.6.1.aarch64", product: { name: "storm-supervisor-1.2.3-3.6.1.aarch64", product_id: "storm-supervisor-1.2.3-3.6.1.aarch64", }, }, { category: "product_version", name: "storm-ui-1.2.3-3.6.1.aarch64", product: { name: "storm-ui-1.2.3-3.6.1.aarch64", product_id: "storm-ui-1.2.3-3.6.1.aarch64", }, }, { category: "product_version", name: "storm-zookeeper-1.2.3-3.6.1.aarch64", product: { name: "storm-zookeeper-1.2.3-3.6.1.aarch64", product_id: "storm-zookeeper-1.2.3-3.6.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", product: { name: "ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", product_id: "ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", }, }, { category: "product_version", name: "ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", product: { name: "ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", product_id: "ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", }, }, { category: "product_version", name: "ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", product: { name: "ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", product_id: "ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", }, }, { category: "product_version", name: "ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", product: { name: "ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", product_id: "ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", }, }, { category: "product_version", name: "ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", product: { name: "ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", product_id: "ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", }, }, { category: "product_version", name: "ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", product: { name: "ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", product_id: "ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", }, }, { category: "product_version", name: "documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", product: { name: "documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", product_id: "documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", }, }, { category: "product_version", name: "documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", product: { name: "documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", product_id: "documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", }, }, { category: "product_version", name: "documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", product: { name: "documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", product_id: "documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", }, }, { category: "product_version", name: "documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", product: { name: "documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", product_id: "documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", }, }, { category: "product_version", name: "documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", product: { name: "documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", product_id: "documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", }, }, { category: "product_version", name: "documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", product: { name: "documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", product_id: "documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", }, }, { category: "product_version", name: "grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", product: { name: "grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", product_id: "grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", }, }, { category: "product_version", name: "openstack-cinder-11.2.3~dev29-3.28.2.noarch", product: { name: "openstack-cinder-11.2.3~dev29-3.28.2.noarch", product_id: "openstack-cinder-11.2.3~dev29-3.28.2.noarch", }, }, { category: "product_version", name: "openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", product: { name: "openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", product_id: "openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", }, }, { category: "product_version", name: "openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", product: { name: "openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", product_id: "openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", }, }, { category: "product_version", name: "openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", product: { name: "openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", product_id: "openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", }, }, { category: "product_version", name: "openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", product: { name: "openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", product_id: "openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", }, }, { category: "product_version", name: "openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", product: { name: "openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", product_id: "openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", }, }, { category: "product_version", name: "openstack-monasca-installer-20190923_16.32-3.15.1.noarch", product: { name: "openstack-monasca-installer-20190923_16.32-3.15.1.noarch", product_id: "openstack-monasca-installer-20190923_16.32-3.15.1.noarch", }, }, { category: "product_version", name: "openstack-neutron-11.0.9~dev69-3.37.2.noarch", product: { name: "openstack-neutron-11.0.9~dev69-3.37.2.noarch", product_id: "openstack-neutron-11.0.9~dev69-3.37.2.noarch", }, }, { category: "product_version", name: "openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", product: { name: "openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", product_id: "openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", }, }, { category: "product_version", name: "openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", product: { name: "openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", product_id: "openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", }, }, { category: "product_version", name: "openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", product: { name: "openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", product_id: "openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", }, }, { category: "product_version", name: "openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", product: { name: "openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", product_id: "openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", }, }, { category: "product_version", name: "openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", product: { name: "openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", product_id: "openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", }, }, { category: "product_version", name: "openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", product: { name: "openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", product_id: "openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", }, }, { category: "product_version", name: "openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", product: { name: "openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", product_id: "openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", }, }, { category: "product_version", name: "openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", product: { name: "openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", product_id: "openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", }, }, { category: "product_version", name: "openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", product: { name: "openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", product_id: "openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", }, }, { category: "product_version", name: "openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", product: { name: "openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", product_id: "openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", }, }, { category: "product_version", name: "openstack-nova-16.1.9~dev76-3.39.2.noarch", product: { name: "openstack-nova-16.1.9~dev76-3.39.2.noarch", product_id: "openstack-nova-16.1.9~dev76-3.39.2.noarch", }, }, { category: "product_version", name: "openstack-nova-api-16.1.9~dev76-3.39.2.noarch", product: { name: "openstack-nova-api-16.1.9~dev76-3.39.2.noarch", product_id: "openstack-nova-api-16.1.9~dev76-3.39.2.noarch", }, }, { category: "product_version", name: "openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", product: { name: "openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", product_id: "openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", }, }, { category: "product_version", name: "openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", product: { name: "openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", product_id: "openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", }, }, { category: "product_version", name: "openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", product: { name: "openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", product_id: "openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", }, }, { category: "product_version", name: "openstack-nova-console-16.1.9~dev76-3.39.2.noarch", product: { name: "openstack-nova-console-16.1.9~dev76-3.39.2.noarch", product_id: "openstack-nova-console-16.1.9~dev76-3.39.2.noarch", }, }, { category: "product_version", name: "openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", product: { name: "openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", product_id: "openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", }, }, { category: "product_version", name: "openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", product: { name: "openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", product_id: "openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", }, }, { category: "product_version", name: "openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", product: { name: "openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", product_id: "openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", }, }, { category: "product_version", name: "openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", product: { name: "openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", product_id: "openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", }, }, { category: "product_version", name: "openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", product: { name: "openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", product_id: "openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", }, }, { category: "product_version", name: "openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", product: { name: "openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", product_id: "openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", }, }, { category: "product_version", name: "openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", product: { name: "openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", product_id: "openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", }, }, { category: "product_version", name: "python-Django-1.11.29-3.19.2.noarch", product: { name: "python-Django-1.11.29-3.19.2.noarch", product_id: "python-Django-1.11.29-3.19.2.noarch", }, }, { category: "product_version", name: "python-Flask-Cors-3.0.3-3.3.1.noarch", product: { name: "python-Flask-Cors-3.0.3-3.3.1.noarch", product_id: "python-Flask-Cors-3.0.3-3.3.1.noarch", }, }, { category: "product_version", name: "python-ardana-packager-0.0.3-7.7.2.noarch", product: { name: "python-ardana-packager-0.0.3-7.7.2.noarch", product_id: "python-ardana-packager-0.0.3-7.7.2.noarch", }, }, { category: "product_version", name: "python-cinder-11.2.3~dev29-3.28.2.noarch", product: { name: "python-cinder-11.2.3~dev29-3.28.2.noarch", product_id: "python-cinder-11.2.3~dev29-3.28.2.noarch", }, }, { category: "product_version", name: "python-keystoneclient-3.13.1-3.3.2.noarch", product: { name: "python-keystoneclient-3.13.1-3.3.2.noarch", product_id: "python-keystoneclient-3.13.1-3.3.2.noarch", }, }, { category: "product_version", name: "python-keystoneclient-doc-3.13.1-3.3.2.noarch", product: { name: "python-keystoneclient-doc-3.13.1-3.3.2.noarch", product_id: "python-keystoneclient-doc-3.13.1-3.3.2.noarch", }, }, { category: "product_version", name: "python-keystonemiddleware-4.17.1-5.3.1.noarch", product: { name: "python-keystonemiddleware-4.17.1-5.3.1.noarch", product_id: "python-keystonemiddleware-4.17.1-5.3.1.noarch", }, }, { category: "product_version", name: "python-kombu-4.1.0-3.7.1.noarch", product: { name: "python-kombu-4.1.0-3.7.1.noarch", product_id: "python-kombu-4.1.0-3.7.1.noarch", }, }, { category: "product_version", name: "python-neutron-11.0.9~dev69-3.37.2.noarch", product: { name: "python-neutron-11.0.9~dev69-3.37.2.noarch", product_id: "python-neutron-11.0.9~dev69-3.37.2.noarch", }, }, { category: "product_version", name: "python-nova-16.1.9~dev76-3.39.2.noarch", product: { name: "python-nova-16.1.9~dev76-3.39.2.noarch", product_id: "python-nova-16.1.9~dev76-3.39.2.noarch", }, }, { category: "product_version", name: "python-urllib3-1.22-5.12.1.noarch", product: { name: "python-urllib3-1.22-5.12.1.noarch", product_id: "python-urllib3-1.22-5.12.1.noarch", }, }, { category: "product_version", name: "release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", product: { name: "release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", product_id: "release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", }, }, { category: "product_version", name: "venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", product: { name: "venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", product_id: "venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", }, }, { category: "product_version", name: "venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", product: { name: "venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", product_id: "venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", }, }, { category: "product_version", name: "venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", product: { name: "venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", product_id: "venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", }, }, { category: "product_version", name: "venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", product: { name: "venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", product_id: "venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", }, }, { category: "product_version", name: "venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", product: { name: "venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", product_id: "venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", }, }, { category: "product_version", name: "venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", product: { name: "venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", product_id: "venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", }, }, { category: "product_version", name: "venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", product: { name: "venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", product_id: "venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", }, }, { category: "product_version", name: "venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", product: { name: "venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", product_id: "venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", }, }, { category: "product_version", name: "venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", product: { name: "venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", product_id: "venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", }, }, { category: "product_version", name: "venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", product: { name: "venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", product_id: "venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", }, }, { category: "product_version", name: "venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", product: { name: "venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", product_id: "venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", }, }, { category: "product_version", name: "venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", product: { name: "venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", product_id: "venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", }, }, { category: "product_version", name: "venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", product: { name: "venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", product_id: "venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", }, }, { category: "product_version", name: "venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", product: { name: "venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", product_id: "venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", }, }, { category: "product_version", name: "venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", product: { name: "venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", product_id: "venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", }, }, { category: "product_version", name: "venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", product: { name: "venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", product_id: "venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", }, }, { category: "product_version", name: "venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", product: { name: "venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", product_id: "venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", }, }, { category: "product_version", name: "venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", product: { name: "venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", product_id: "venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", }, }, { category: "product_version", name: "venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", product: { name: "venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", product_id: "venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", }, }, { category: "product_version", name: "venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", product: { name: "venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", product_id: "venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", }, }, { category: "product_version", name: "venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", product: { name: "venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", product_id: "venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", }, }, { category: "product_version", name: "venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", product: { name: "venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", product_id: "venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", }, }, { category: "product_version", name: "clamav-database-202011020009-1.3.1.noarch", product: { name: "clamav-database-202011020009-1.3.1.noarch", product_id: "clamav-database-202011020009-1.3.1.noarch", }, }, { category: "product_version", name: "crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", product: { name: "crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", product_id: "crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", }, }, { category: "product_version", name: "documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", product: { name: "documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", product_id: "documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", }, }, { category: "product_version", name: "documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", product: { name: "documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", product_id: "documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", }, }, { category: "product_version", name: "documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", product: { name: "documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", product_id: "documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", }, }, { category: "product_version", name: "documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", product: { name: "documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", product_id: "documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", }, }, { category: "product_version", name: "documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", product: { name: "documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", product_id: "documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", }, }, { category: "product_version", name: "documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", product: { name: "documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", product_id: "documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", }, }, { category: "product_version", name: "documentation-suse-openstack-cloud-socmmsoperator-8.20201007-1.29.1.noarch", product: { name: "documentation-suse-openstack-cloud-socmmsoperator-8.20201007-1.29.1.noarch", product_id: "documentation-suse-openstack-cloud-socmmsoperator-8.20201007-1.29.1.noarch", }, }, { category: "product_version", name: "documentation-suse-openstack-cloud-socmosoperator-8.20201007-1.29.1.noarch", product: { name: "documentation-suse-openstack-cloud-socmosoperator-8.20201007-1.29.1.noarch", product_id: "documentation-suse-openstack-cloud-socmosoperator-8.20201007-1.29.1.noarch", }, }, { category: "product_version", name: "documentation-suse-openstack-cloud-socmoverview-8.20201007-1.29.1.noarch", product: { name: "documentation-suse-openstack-cloud-socmoverview-8.20201007-1.29.1.noarch", product_id: "documentation-suse-openstack-cloud-socmoverview-8.20201007-1.29.1.noarch", }, }, { category: "product_version", name: "documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", product: { name: "documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", product_id: "documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", }, }, { category: "product_version", name: "documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", product: { name: "documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", product_id: "documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", }, }, { category: "product_version", name: "documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", product: { name: "documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", product_id: "documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", }, }, { category: "product_version", name: "documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", product: { name: "documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", product_id: "documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", }, }, { category: "product_version", name: "openstack-cinder-test-11.2.3~dev29-3.28.2.noarch", product: { name: "openstack-cinder-test-11.2.3~dev29-3.28.2.noarch", product_id: "openstack-cinder-test-11.2.3~dev29-3.28.2.noarch", }, }, { category: "product_version", name: "openstack-neutron-test-11.0.9~dev69-3.37.2.noarch", product: { name: "openstack-neutron-test-11.0.9~dev69-3.37.2.noarch", product_id: "openstack-neutron-test-11.0.9~dev69-3.37.2.noarch", }, }, { category: "product_version", name: "openstack-nova-network-16.1.9~dev76-3.39.2.noarch", product: { name: "openstack-nova-network-16.1.9~dev76-3.39.2.noarch", product_id: "openstack-nova-network-16.1.9~dev76-3.39.2.noarch", }, }, { category: "product_version", name: "openstack-nova-test-16.1.9~dev76-3.39.2.noarch", product: { name: "openstack-nova-test-16.1.9~dev76-3.39.2.noarch", product_id: "openstack-nova-test-16.1.9~dev76-3.39.2.noarch", }, }, { category: "product_version", name: "python-keystonemiddleware-doc-4.17.1-5.3.1.noarch", product: { name: "python-keystonemiddleware-doc-4.17.1-5.3.1.noarch", product_id: "python-keystonemiddleware-doc-4.17.1-5.3.1.noarch", }, }, { category: "product_version", name: "python-straight-plugin-1.5.0-1.3.1.noarch", product: { name: "python-straight-plugin-1.5.0-1.3.1.noarch", product_id: "python-straight-plugin-1.5.0-1.3.1.noarch", }, }, { category: "product_version", name: "python3-Django-1.11.29-3.19.2.noarch", product: { name: "python3-Django-1.11.29-3.19.2.noarch", product_id: "python3-Django-1.11.29-3.19.2.noarch", }, }, { category: "product_version", name: "python3-Flask-Cors-3.0.3-3.3.1.noarch", product: { name: "python3-Flask-Cors-3.0.3-3.3.1.noarch", product_id: "python3-Flask-Cors-3.0.3-3.3.1.noarch", }, }, { category: "product_version", name: "python3-ardana-packager-0.0.3-7.7.2.noarch", product: { name: "python3-ardana-packager-0.0.3-7.7.2.noarch", product_id: "python3-ardana-packager-0.0.3-7.7.2.noarch", }, }, { category: "product_version", name: "python3-kombu-4.1.0-3.7.1.noarch", product: { name: "python3-kombu-4.1.0-3.7.1.noarch", product_id: "python3-kombu-4.1.0-3.7.1.noarch", }, }, { category: "product_version", name: "python3-straight-plugin-1.5.0-1.3.1.noarch", product: { name: "python3-straight-plugin-1.5.0-1.3.1.noarch", product_id: "python3-straight-plugin-1.5.0-1.3.1.noarch", }, }, { category: "product_version", name: "python3-urllib3-1.22-5.12.1.noarch", product: { name: "python3-urllib3-1.22-5.12.1.noarch", product_id: "python3-urllib3-1.22-5.12.1.noarch", }, }, { category: "product_version", name: "release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", product: { name: "release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", product_id: "release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", }, }, { category: "product_version", name: "storm-kit-1.2.3-3.6.1.noarch", product: { name: "storm-kit-1.2.3-3.6.1.noarch", product_id: "storm-kit-1.2.3-3.6.1.noarch", }, }, { category: "product_version", name: "venv-openstack-aodh-aarch64-5.1.1~dev7-12.28.1.noarch", product: { name: "venv-openstack-aodh-aarch64-5.1.1~dev7-12.28.1.noarch", product_id: "venv-openstack-aodh-aarch64-5.1.1~dev7-12.28.1.noarch", }, }, { category: "product_version", name: "venv-openstack-aodh-ppc64le-5.1.1~dev7-12.28.1.noarch", product: { name: "venv-openstack-aodh-ppc64le-5.1.1~dev7-12.28.1.noarch", product_id: "venv-openstack-aodh-ppc64le-5.1.1~dev7-12.28.1.noarch", }, }, { category: "product_version", name: "venv-openstack-aodh-s390x-5.1.1~dev7-12.28.1.noarch", product: { name: "venv-openstack-aodh-s390x-5.1.1~dev7-12.28.1.noarch", product_id: "venv-openstack-aodh-s390x-5.1.1~dev7-12.28.1.noarch", }, }, { category: "product_version", name: "venv-openstack-barbican-aarch64-5.0.2~dev3-12.29.1.noarch", product: { name: "venv-openstack-barbican-aarch64-5.0.2~dev3-12.29.1.noarch", product_id: "venv-openstack-barbican-aarch64-5.0.2~dev3-12.29.1.noarch", }, }, { category: "product_version", name: "venv-openstack-barbican-ppc64le-5.0.2~dev3-12.29.1.noarch", product: { name: "venv-openstack-barbican-ppc64le-5.0.2~dev3-12.29.1.noarch", product_id: "venv-openstack-barbican-ppc64le-5.0.2~dev3-12.29.1.noarch", }, }, { category: "product_version", name: "venv-openstack-barbican-s390x-5.0.2~dev3-12.29.1.noarch", product: { name: "venv-openstack-barbican-s390x-5.0.2~dev3-12.29.1.noarch", product_id: "venv-openstack-barbican-s390x-5.0.2~dev3-12.29.1.noarch", }, }, { category: "product_version", name: "venv-openstack-ceilometer-aarch64-9.0.8~dev7-12.26.1.noarch", product: { name: "venv-openstack-ceilometer-aarch64-9.0.8~dev7-12.26.1.noarch", product_id: "venv-openstack-ceilometer-aarch64-9.0.8~dev7-12.26.1.noarch", }, }, { category: "product_version", name: "venv-openstack-ceilometer-ppc64le-9.0.8~dev7-12.26.1.noarch", product: { name: "venv-openstack-ceilometer-ppc64le-9.0.8~dev7-12.26.1.noarch", product_id: "venv-openstack-ceilometer-ppc64le-9.0.8~dev7-12.26.1.noarch", }, }, { category: "product_version", name: "venv-openstack-ceilometer-s390x-9.0.8~dev7-12.26.1.noarch", product: { name: "venv-openstack-ceilometer-s390x-9.0.8~dev7-12.26.1.noarch", product_id: "venv-openstack-ceilometer-s390x-9.0.8~dev7-12.26.1.noarch", }, }, { category: "product_version", name: "venv-openstack-cinder-aarch64-11.2.3~dev29-14.30.1.noarch", product: { name: "venv-openstack-cinder-aarch64-11.2.3~dev29-14.30.1.noarch", product_id: "venv-openstack-cinder-aarch64-11.2.3~dev29-14.30.1.noarch", }, }, { category: "product_version", name: "venv-openstack-cinder-ppc64le-11.2.3~dev29-14.30.1.noarch", product: { name: "venv-openstack-cinder-ppc64le-11.2.3~dev29-14.30.1.noarch", product_id: "venv-openstack-cinder-ppc64le-11.2.3~dev29-14.30.1.noarch", }, }, { category: "product_version", name: "venv-openstack-cinder-s390x-11.2.3~dev29-14.30.1.noarch", product: { name: "venv-openstack-cinder-s390x-11.2.3~dev29-14.30.1.noarch", product_id: "venv-openstack-cinder-s390x-11.2.3~dev29-14.30.1.noarch", }, }, { category: "product_version", name: "venv-openstack-designate-aarch64-5.0.3~dev7-12.27.1.noarch", product: { name: "venv-openstack-designate-aarch64-5.0.3~dev7-12.27.1.noarch", product_id: "venv-openstack-designate-aarch64-5.0.3~dev7-12.27.1.noarch", }, }, { category: "product_version", name: "venv-openstack-designate-ppc64le-5.0.3~dev7-12.27.1.noarch", product: { name: "venv-openstack-designate-ppc64le-5.0.3~dev7-12.27.1.noarch", product_id: "venv-openstack-designate-ppc64le-5.0.3~dev7-12.27.1.noarch", }, }, { category: "product_version", name: "venv-openstack-designate-s390x-5.0.3~dev7-12.27.1.noarch", product: { name: "venv-openstack-designate-s390x-5.0.3~dev7-12.27.1.noarch", product_id: "venv-openstack-designate-s390x-5.0.3~dev7-12.27.1.noarch", }, }, { category: "product_version", name: "venv-openstack-freezer-aarch64-5.0.0.0~xrc2~dev2-10.24.1.noarch", product: { name: "venv-openstack-freezer-aarch64-5.0.0.0~xrc2~dev2-10.24.1.noarch", product_id: "venv-openstack-freezer-aarch64-5.0.0.0~xrc2~dev2-10.24.1.noarch", }, }, { category: "product_version", name: "venv-openstack-freezer-ppc64le-5.0.0.0~xrc2~dev2-10.24.1.noarch", product: { name: "venv-openstack-freezer-ppc64le-5.0.0.0~xrc2~dev2-10.24.1.noarch", product_id: "venv-openstack-freezer-ppc64le-5.0.0.0~xrc2~dev2-10.24.1.noarch", }, }, { category: "product_version", name: "venv-openstack-freezer-s390x-5.0.0.0~xrc2~dev2-10.24.1.noarch", product: { name: "venv-openstack-freezer-s390x-5.0.0.0~xrc2~dev2-10.24.1.noarch", product_id: "venv-openstack-freezer-s390x-5.0.0.0~xrc2~dev2-10.24.1.noarch", }, }, { category: "product_version", name: "venv-openstack-glance-aarch64-15.0.3~dev3-12.27.1.noarch", product: { name: "venv-openstack-glance-aarch64-15.0.3~dev3-12.27.1.noarch", product_id: "venv-openstack-glance-aarch64-15.0.3~dev3-12.27.1.noarch", }, }, { category: "product_version", name: "venv-openstack-glance-ppc64le-15.0.3~dev3-12.27.1.noarch", product: { name: "venv-openstack-glance-ppc64le-15.0.3~dev3-12.27.1.noarch", product_id: "venv-openstack-glance-ppc64le-15.0.3~dev3-12.27.1.noarch", }, }, { category: "product_version", name: "venv-openstack-glance-s390x-15.0.3~dev3-12.27.1.noarch", product: { name: "venv-openstack-glance-s390x-15.0.3~dev3-12.27.1.noarch", product_id: "venv-openstack-glance-s390x-15.0.3~dev3-12.27.1.noarch", }, }, { category: "product_version", name: "venv-openstack-heat-aarch64-9.0.8~dev22-12.29.1.noarch", product: { name: "venv-openstack-heat-aarch64-9.0.8~dev22-12.29.1.noarch", product_id: "venv-openstack-heat-aarch64-9.0.8~dev22-12.29.1.noarch", }, }, { category: "product_version", name: "venv-openstack-heat-ppc64le-9.0.8~dev22-12.29.1.noarch", product: { name: "venv-openstack-heat-ppc64le-9.0.8~dev22-12.29.1.noarch", product_id: "venv-openstack-heat-ppc64le-9.0.8~dev22-12.29.1.noarch", }, }, { category: "product_version", name: "venv-openstack-heat-s390x-9.0.8~dev22-12.29.1.noarch", product: { name: "venv-openstack-heat-s390x-9.0.8~dev22-12.29.1.noarch", product_id: "venv-openstack-heat-s390x-9.0.8~dev22-12.29.1.noarch", }, }, { category: "product_version", name: "venv-openstack-horizon-aarch64-12.0.5~dev3-14.32.1.noarch", product: { name: "venv-openstack-horizon-aarch64-12.0.5~dev3-14.32.1.noarch", product_id: "venv-openstack-horizon-aarch64-12.0.5~dev3-14.32.1.noarch", }, }, { category: "product_version", name: "venv-openstack-horizon-hpe-aarch64-12.0.5~dev3-14.32.1.noarch", product: { name: "venv-openstack-horizon-hpe-aarch64-12.0.5~dev3-14.32.1.noarch", product_id: "venv-openstack-horizon-hpe-aarch64-12.0.5~dev3-14.32.1.noarch", }, }, { category: "product_version", name: "venv-openstack-horizon-hpe-ppc64le-12.0.5~dev3-14.32.1.noarch", product: { name: "venv-openstack-horizon-hpe-ppc64le-12.0.5~dev3-14.32.1.noarch", product_id: "venv-openstack-horizon-hpe-ppc64le-12.0.5~dev3-14.32.1.noarch", }, }, { category: "product_version", name: "venv-openstack-horizon-hpe-s390x-12.0.5~dev3-14.32.1.noarch", product: { name: "venv-openstack-horizon-hpe-s390x-12.0.5~dev3-14.32.1.noarch", product_id: "venv-openstack-horizon-hpe-s390x-12.0.5~dev3-14.32.1.noarch", }, }, { category: "product_version", name: "venv-openstack-horizon-ppc64le-12.0.5~dev3-14.32.1.noarch", product: { name: "venv-openstack-horizon-ppc64le-12.0.5~dev3-14.32.1.noarch", product_id: "venv-openstack-horizon-ppc64le-12.0.5~dev3-14.32.1.noarch", }, }, { category: "product_version", name: "venv-openstack-horizon-s390x-12.0.5~dev3-14.32.1.noarch", product: { name: "venv-openstack-horizon-s390x-12.0.5~dev3-14.32.1.noarch", product_id: "venv-openstack-horizon-s390x-12.0.5~dev3-14.32.1.noarch", }, }, { category: "product_version", name: "venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", product: { name: "venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", product_id: "venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", }, }, { category: "product_version", name: "venv-openstack-ironic-aarch64-9.1.8~dev8-12.29.1.noarch", product: { name: "venv-openstack-ironic-aarch64-9.1.8~dev8-12.29.1.noarch", product_id: "venv-openstack-ironic-aarch64-9.1.8~dev8-12.29.1.noarch", }, }, { category: "product_version", name: "venv-openstack-ironic-ppc64le-9.1.8~dev8-12.29.1.noarch", product: { name: "venv-openstack-ironic-ppc64le-9.1.8~dev8-12.29.1.noarch", product_id: "venv-openstack-ironic-ppc64le-9.1.8~dev8-12.29.1.noarch", }, }, { category: "product_version", name: "venv-openstack-ironic-s390x-9.1.8~dev8-12.29.1.noarch", product: { name: "venv-openstack-ironic-s390x-9.1.8~dev8-12.29.1.noarch", product_id: "venv-openstack-ironic-s390x-9.1.8~dev8-12.29.1.noarch", }, }, { category: "product_version", name: "venv-openstack-keystone-aarch64-12.0.4~dev11-11.30.1.noarch", product: { name: "venv-openstack-keystone-aarch64-12.0.4~dev11-11.30.1.noarch", product_id: "venv-openstack-keystone-aarch64-12.0.4~dev11-11.30.1.noarch", }, }, { category: "product_version", name: "venv-openstack-keystone-ppc64le-12.0.4~dev11-11.30.1.noarch", product: { name: "venv-openstack-keystone-ppc64le-12.0.4~dev11-11.30.1.noarch", product_id: "venv-openstack-keystone-ppc64le-12.0.4~dev11-11.30.1.noarch", }, }, { category: "product_version", name: "venv-openstack-keystone-s390x-12.0.4~dev11-11.30.1.noarch", product: { name: "venv-openstack-keystone-s390x-12.0.4~dev11-11.30.1.noarch", product_id: "venv-openstack-keystone-s390x-12.0.4~dev11-11.30.1.noarch", }, }, { category: "product_version", name: "venv-openstack-magnum-aarch64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", product: { name: "venv-openstack-magnum-aarch64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", product_id: "venv-openstack-magnum-aarch64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", }, }, { category: "product_version", name: "venv-openstack-magnum-ppc64le-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", product: { name: "venv-openstack-magnum-ppc64le-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", product_id: "venv-openstack-magnum-ppc64le-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", }, }, { category: "product_version", name: "venv-openstack-magnum-s390x-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", product: { name: "venv-openstack-magnum-s390x-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", product_id: "venv-openstack-magnum-s390x-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", }, }, { category: "product_version", name: "venv-openstack-manila-aarch64-5.1.1~dev5-12.33.1.noarch", product: { name: "venv-openstack-manila-aarch64-5.1.1~dev5-12.33.1.noarch", product_id: "venv-openstack-manila-aarch64-5.1.1~dev5-12.33.1.noarch", }, }, { category: "product_version", name: "venv-openstack-manila-ppc64le-5.1.1~dev5-12.33.1.noarch", product: { name: "venv-openstack-manila-ppc64le-5.1.1~dev5-12.33.1.noarch", product_id: "venv-openstack-manila-ppc64le-5.1.1~dev5-12.33.1.noarch", }, }, { category: "product_version", name: "venv-openstack-manila-s390x-5.1.1~dev5-12.33.1.noarch", product: { name: "venv-openstack-manila-s390x-5.1.1~dev5-12.33.1.noarch", product_id: "venv-openstack-manila-s390x-5.1.1~dev5-12.33.1.noarch", }, }, { category: "product_version", name: "venv-openstack-monasca-aarch64-2.2.2~dev1-11.24.1.noarch", product: { name: "venv-openstack-monasca-aarch64-2.2.2~dev1-11.24.1.noarch", product_id: "venv-openstack-monasca-aarch64-2.2.2~dev1-11.24.1.noarch", }, }, { category: "product_version", name: "venv-openstack-monasca-ceilometer-aarch64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", product: { name: "venv-openstack-monasca-ceilometer-aarch64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", product_id: "venv-openstack-monasca-ceilometer-aarch64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", }, }, { category: "product_version", name: "venv-openstack-monasca-ceilometer-ppc64le-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", product: { name: "venv-openstack-monasca-ceilometer-ppc64le-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", product_id: "venv-openstack-monasca-ceilometer-ppc64le-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", }, }, { category: "product_version", name: "venv-openstack-monasca-ceilometer-s390x-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", product: { name: "venv-openstack-monasca-ceilometer-s390x-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", product_id: "venv-openstack-monasca-ceilometer-s390x-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", }, }, { category: "product_version", name: "venv-openstack-monasca-ppc64le-2.2.2~dev1-11.24.1.noarch", product: { name: "venv-openstack-monasca-ppc64le-2.2.2~dev1-11.24.1.noarch", product_id: "venv-openstack-monasca-ppc64le-2.2.2~dev1-11.24.1.noarch", }, }, { category: "product_version", name: "venv-openstack-monasca-s390x-2.2.2~dev1-11.24.1.noarch", product: { name: "venv-openstack-monasca-s390x-2.2.2~dev1-11.24.1.noarch", product_id: "venv-openstack-monasca-s390x-2.2.2~dev1-11.24.1.noarch", }, }, { category: "product_version", name: "venv-openstack-murano-aarch64-4.0.2~dev2-12.24.1.noarch", product: { name: "venv-openstack-murano-aarch64-4.0.2~dev2-12.24.1.noarch", product_id: "venv-openstack-murano-aarch64-4.0.2~dev2-12.24.1.noarch", }, }, { category: "product_version", name: "venv-openstack-murano-ppc64le-4.0.2~dev2-12.24.1.noarch", product: { name: "venv-openstack-murano-ppc64le-4.0.2~dev2-12.24.1.noarch", product_id: "venv-openstack-murano-ppc64le-4.0.2~dev2-12.24.1.noarch", }, }, { category: "product_version", name: "venv-openstack-murano-s390x-4.0.2~dev2-12.24.1.noarch", product: { name: "venv-openstack-murano-s390x-4.0.2~dev2-12.24.1.noarch", product_id: "venv-openstack-murano-s390x-4.0.2~dev2-12.24.1.noarch", }, }, { category: "product_version", name: "venv-openstack-neutron-aarch64-11.0.9~dev69-13.32.1.noarch", product: { name: "venv-openstack-neutron-aarch64-11.0.9~dev69-13.32.1.noarch", product_id: "venv-openstack-neutron-aarch64-11.0.9~dev69-13.32.1.noarch", }, }, { category: "product_version", name: "venv-openstack-neutron-ppc64le-11.0.9~dev69-13.32.1.noarch", product: { name: "venv-openstack-neutron-ppc64le-11.0.9~dev69-13.32.1.noarch", product_id: "venv-openstack-neutron-ppc64le-11.0.9~dev69-13.32.1.noarch", }, }, { category: "product_version", name: "venv-openstack-neutron-s390x-11.0.9~dev69-13.32.1.noarch", product: { name: "venv-openstack-neutron-s390x-11.0.9~dev69-13.32.1.noarch", product_id: "venv-openstack-neutron-s390x-11.0.9~dev69-13.32.1.noarch", }, }, { category: "product_version", name: "venv-openstack-nova-aarch64-16.1.9~dev76-11.30.1.noarch", product: { name: "venv-openstack-nova-aarch64-16.1.9~dev76-11.30.1.noarch", product_id: "venv-openstack-nova-aarch64-16.1.9~dev76-11.30.1.noarch", }, }, { category: "product_version", name: "venv-openstack-nova-ppc64le-16.1.9~dev76-11.30.1.noarch", product: { name: "venv-openstack-nova-ppc64le-16.1.9~dev76-11.30.1.noarch", product_id: "venv-openstack-nova-ppc64le-16.1.9~dev76-11.30.1.noarch", }, }, { category: "product_version", name: "venv-openstack-nova-s390x-16.1.9~dev76-11.30.1.noarch", product: { name: "venv-openstack-nova-s390x-16.1.9~dev76-11.30.1.noarch", product_id: "venv-openstack-nova-s390x-16.1.9~dev76-11.30.1.noarch", }, }, { category: "product_version", name: "venv-openstack-octavia-aarch64-1.0.6~dev3-12.29.1.noarch", product: { name: "venv-openstack-octavia-aarch64-1.0.6~dev3-12.29.1.noarch", product_id: "venv-openstack-octavia-aarch64-1.0.6~dev3-12.29.1.noarch", }, }, { category: "product_version", name: "venv-openstack-octavia-ppc64le-1.0.6~dev3-12.29.1.noarch", product: { name: "venv-openstack-octavia-ppc64le-1.0.6~dev3-12.29.1.noarch", product_id: "venv-openstack-octavia-ppc64le-1.0.6~dev3-12.29.1.noarch", }, }, { category: "product_version", name: "venv-openstack-octavia-s390x-1.0.6~dev3-12.29.1.noarch", product: { name: "venv-openstack-octavia-s390x-1.0.6~dev3-12.29.1.noarch", product_id: "venv-openstack-octavia-s390x-1.0.6~dev3-12.29.1.noarch", }, }, { category: "product_version", name: "venv-openstack-sahara-aarch64-7.0.5~dev4-11.28.1.noarch", product: { name: "venv-openstack-sahara-aarch64-7.0.5~dev4-11.28.1.noarch", product_id: "venv-openstack-sahara-aarch64-7.0.5~dev4-11.28.1.noarch", }, }, { category: "product_version", name: "venv-openstack-sahara-ppc64le-7.0.5~dev4-11.28.1.noarch", product: { name: "venv-openstack-sahara-ppc64le-7.0.5~dev4-11.28.1.noarch", product_id: "venv-openstack-sahara-ppc64le-7.0.5~dev4-11.28.1.noarch", }, }, { category: "product_version", name: "venv-openstack-sahara-s390x-7.0.5~dev4-11.28.1.noarch", product: { name: "venv-openstack-sahara-s390x-7.0.5~dev4-11.28.1.noarch", product_id: "venv-openstack-sahara-s390x-7.0.5~dev4-11.28.1.noarch", }, }, { category: "product_version", name: "venv-openstack-swift-aarch64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", product: { name: "venv-openstack-swift-aarch64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", product_id: "venv-openstack-swift-aarch64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", }, }, { category: "product_version", name: "venv-openstack-swift-ppc64le-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", product: { name: "venv-openstack-swift-ppc64le-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", product_id: "venv-openstack-swift-ppc64le-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", }, }, { category: "product_version", name: "venv-openstack-swift-s390x-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", product: { name: "venv-openstack-swift-s390x-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", product_id: "venv-openstack-swift-s390x-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", }, }, { category: "product_version", name: "venv-openstack-trove-aarch64-8.0.2~dev2-11.28.1.noarch", product: { name: "venv-openstack-trove-aarch64-8.0.2~dev2-11.28.1.noarch", product_id: "venv-openstack-trove-aarch64-8.0.2~dev2-11.28.1.noarch", }, }, { category: "product_version", name: "venv-openstack-trove-ppc64le-8.0.2~dev2-11.28.1.noarch", product: { name: "venv-openstack-trove-ppc64le-8.0.2~dev2-11.28.1.noarch", product_id: "venv-openstack-trove-ppc64le-8.0.2~dev2-11.28.1.noarch", }, }, { category: "product_version", name: "venv-openstack-trove-s390x-8.0.2~dev2-11.28.1.noarch", product: { name: "venv-openstack-trove-s390x-8.0.2~dev2-11.28.1.noarch", product_id: "venv-openstack-trove-s390x-8.0.2~dev2-11.28.1.noarch", }, }, { category: "product_version", name: "venv-openstack-zaqar-aarch64-5.0.1-10.12.1.noarch", product: { name: "venv-openstack-zaqar-aarch64-5.0.1-10.12.1.noarch", product_id: "venv-openstack-zaqar-aarch64-5.0.1-10.12.1.noarch", }, }, { category: "product_version", name: "venv-openstack-zaqar-ppc64le-5.0.1-10.12.1.noarch", product: { name: "venv-openstack-zaqar-ppc64le-5.0.1-10.12.1.noarch", product_id: "venv-openstack-zaqar-ppc64le-5.0.1-10.12.1.noarch", }, }, { category: "product_version", name: "venv-openstack-zaqar-s390x-5.0.1-10.12.1.noarch", product: { name: "venv-openstack-zaqar-s390x-5.0.1-10.12.1.noarch", product_id: "venv-openstack-zaqar-s390x-5.0.1-10.12.1.noarch", }, }, { category: "product_version", name: "venv-openstack-zaqar-x86_64-5.0.1-10.12.1.noarch", product: { name: "venv-openstack-zaqar-x86_64-5.0.1-10.12.1.noarch", product_id: "venv-openstack-zaqar-x86_64-5.0.1-10.12.1.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "ansible-2.9.14-3.15.1.ppc64le", product: { name: "ansible-2.9.14-3.15.1.ppc64le", product_id: "ansible-2.9.14-3.15.1.ppc64le", }, }, { category: "product_version", name: "ansible-doc-2.9.14-3.15.1.ppc64le", product: { name: "ansible-doc-2.9.14-3.15.1.ppc64le", product_id: "ansible-doc-2.9.14-3.15.1.ppc64le", }, }, { category: "product_version", name: "ansible-test-2.9.14-3.15.1.ppc64le", product: { name: "ansible-test-2.9.14-3.15.1.ppc64le", product_id: "ansible-test-2.9.14-3.15.1.ppc64le", }, }, { category: "product_version", name: "crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.ppc64le", product: { name: "crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.ppc64le", product_id: "crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.ppc64le", }, }, { category: "product_version", name: "crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.ppc64le", product: { name: "crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.ppc64le", product_id: "crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.ppc64le", }, }, { category: "product_version", name: "crowbar-core-devel-5.0+git.1600432272.b3ad722f0-3.44.1.ppc64le", product: { name: "crowbar-core-devel-5.0+git.1600432272.b3ad722f0-3.44.1.ppc64le", product_id: "crowbar-core-devel-5.0+git.1600432272.b3ad722f0-3.44.1.ppc64le", }, }, { category: "product_version", name: "go1.14-1.14.10-1.3.2.ppc64le", product: { name: "go1.14-1.14.10-1.3.2.ppc64le", product_id: "go1.14-1.14.10-1.3.2.ppc64le", }, }, { category: "product_version", name: "go1.14-doc-1.14.10-1.3.2.ppc64le", product: { name: "go1.14-doc-1.14.10-1.3.2.ppc64le", product_id: "go1.14-doc-1.14.10-1.3.2.ppc64le", }, }, { category: "product_version", name: "grafana-6.7.4-4.12.1.ppc64le", product: { name: "grafana-6.7.4-4.12.1.ppc64le", product_id: "grafana-6.7.4-4.12.1.ppc64le", }, }, { category: "product_version", name: "python-Pillow-4.2.1-3.9.2.ppc64le", product: { name: "python-Pillow-4.2.1-3.9.2.ppc64le", product_id: "python-Pillow-4.2.1-3.9.2.ppc64le", }, }, { category: "product_version", name: "python3-Pillow-4.2.1-3.9.2.ppc64le", product: { name: "python3-Pillow-4.2.1-3.9.2.ppc64le", product_id: "python3-Pillow-4.2.1-3.9.2.ppc64le", }, }, { category: "product_version", name: "ruby2.1-rubygem-crowbar-client-3.9.3-1.1.ppc64le", product: { name: "ruby2.1-rubygem-crowbar-client-3.9.3-1.1.ppc64le", product_id: "ruby2.1-rubygem-crowbar-client-3.9.3-1.1.ppc64le", }, }, { category: "product_version", name: "ruby2.1-rubygem-crowbar-client-doc-3.9.3-1.1.ppc64le", product: { name: "ruby2.1-rubygem-crowbar-client-doc-3.9.3-1.1.ppc64le", product_id: "ruby2.1-rubygem-crowbar-client-doc-3.9.3-1.1.ppc64le", }, }, { category: "product_version", name: "ruby2.1-rubygem-crowbar-client-testsuite-3.9.3-1.1.ppc64le", product: { name: "ruby2.1-rubygem-crowbar-client-testsuite-3.9.3-1.1.ppc64le", product_id: "ruby2.1-rubygem-crowbar-client-testsuite-3.9.3-1.1.ppc64le", }, }, { category: "product_version", name: "storm-1.2.3-3.6.1.ppc64le", product: { name: "storm-1.2.3-3.6.1.ppc64le", product_id: "storm-1.2.3-3.6.1.ppc64le", }, }, { category: "product_version", name: "storm-doc-1.2.3-3.6.1.ppc64le", product: { name: "storm-doc-1.2.3-3.6.1.ppc64le", product_id: "storm-doc-1.2.3-3.6.1.ppc64le", }, }, { category: "product_version", name: "storm-logviewer-1.2.3-3.6.1.ppc64le", product: { name: "storm-logviewer-1.2.3-3.6.1.ppc64le", product_id: "storm-logviewer-1.2.3-3.6.1.ppc64le", }, }, { category: "product_version", name: "storm-nimbus-1.2.3-3.6.1.ppc64le", product: { name: "storm-nimbus-1.2.3-3.6.1.ppc64le", product_id: "storm-nimbus-1.2.3-3.6.1.ppc64le", }, }, { category: "product_version", name: "storm-pacemaker-1.2.3-3.6.1.ppc64le", product: { name: "storm-pacemaker-1.2.3-3.6.1.ppc64le", product_id: "storm-pacemaker-1.2.3-3.6.1.ppc64le", }, }, { category: "product_version", name: "storm-supervisor-1.2.3-3.6.1.ppc64le", product: { name: "storm-supervisor-1.2.3-3.6.1.ppc64le", product_id: "storm-supervisor-1.2.3-3.6.1.ppc64le", }, }, { category: "product_version", name: "storm-ui-1.2.3-3.6.1.ppc64le", product: { name: "storm-ui-1.2.3-3.6.1.ppc64le", product_id: "storm-ui-1.2.3-3.6.1.ppc64le", }, }, { category: "product_version", name: "storm-zookeeper-1.2.3-3.6.1.ppc64le", product: { name: "storm-zookeeper-1.2.3-3.6.1.ppc64le", product_id: "storm-zookeeper-1.2.3-3.6.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "ansible-2.9.14-3.15.1.s390x", product: { name: "ansible-2.9.14-3.15.1.s390x", product_id: "ansible-2.9.14-3.15.1.s390x", }, }, { category: "product_version", name: "ansible-doc-2.9.14-3.15.1.s390x", product: { name: "ansible-doc-2.9.14-3.15.1.s390x", product_id: "ansible-doc-2.9.14-3.15.1.s390x", }, }, { category: "product_version", name: "ansible-test-2.9.14-3.15.1.s390x", product: { name: "ansible-test-2.9.14-3.15.1.s390x", product_id: "ansible-test-2.9.14-3.15.1.s390x", }, }, { category: "product_version", name: "crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.s390x", product: { name: "crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.s390x", product_id: "crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.s390x", }, }, { category: "product_version", name: "crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.s390x", product: { name: "crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.s390x", product_id: "crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.s390x", }, }, { category: "product_version", name: "crowbar-core-devel-5.0+git.1600432272.b3ad722f0-3.44.1.s390x", product: { name: "crowbar-core-devel-5.0+git.1600432272.b3ad722f0-3.44.1.s390x", product_id: "crowbar-core-devel-5.0+git.1600432272.b3ad722f0-3.44.1.s390x", }, }, { category: "product_version", name: "go1.14-1.14.10-1.3.2.s390x", product: { name: "go1.14-1.14.10-1.3.2.s390x", product_id: "go1.14-1.14.10-1.3.2.s390x", }, }, { category: "product_version", name: "go1.14-doc-1.14.10-1.3.2.s390x", product: { name: "go1.14-doc-1.14.10-1.3.2.s390x", product_id: "go1.14-doc-1.14.10-1.3.2.s390x", }, }, { category: "product_version", name: "grafana-6.7.4-4.12.1.s390x", product: { name: "grafana-6.7.4-4.12.1.s390x", product_id: "grafana-6.7.4-4.12.1.s390x", }, }, { category: "product_version", name: "python-Pillow-4.2.1-3.9.2.s390x", product: { name: "python-Pillow-4.2.1-3.9.2.s390x", product_id: "python-Pillow-4.2.1-3.9.2.s390x", }, }, { category: "product_version", name: "python3-Pillow-4.2.1-3.9.2.s390x", product: { name: "python3-Pillow-4.2.1-3.9.2.s390x", product_id: "python3-Pillow-4.2.1-3.9.2.s390x", }, }, { category: "product_version", name: "ruby2.1-rubygem-crowbar-client-3.9.3-1.1.s390x", product: { name: "ruby2.1-rubygem-crowbar-client-3.9.3-1.1.s390x", product_id: "ruby2.1-rubygem-crowbar-client-3.9.3-1.1.s390x", }, }, { category: "product_version", name: "ruby2.1-rubygem-crowbar-client-doc-3.9.3-1.1.s390x", product: { name: "ruby2.1-rubygem-crowbar-client-doc-3.9.3-1.1.s390x", product_id: "ruby2.1-rubygem-crowbar-client-doc-3.9.3-1.1.s390x", }, }, { category: "product_version", name: "ruby2.1-rubygem-crowbar-client-testsuite-3.9.3-1.1.s390x", product: { name: "ruby2.1-rubygem-crowbar-client-testsuite-3.9.3-1.1.s390x", product_id: "ruby2.1-rubygem-crowbar-client-testsuite-3.9.3-1.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "ansible-2.9.14-3.15.1.x86_64", product: { name: "ansible-2.9.14-3.15.1.x86_64", product_id: "ansible-2.9.14-3.15.1.x86_64", }, }, { category: "product_version", name: "grafana-6.7.4-4.12.1.x86_64", product: { name: "grafana-6.7.4-4.12.1.x86_64", product_id: "grafana-6.7.4-4.12.1.x86_64", }, }, { category: "product_version", name: "python-Pillow-4.2.1-3.9.2.x86_64", product: { name: "python-Pillow-4.2.1-3.9.2.x86_64", product_id: "python-Pillow-4.2.1-3.9.2.x86_64", }, }, { category: "product_version", name: "storm-1.2.3-3.6.1.x86_64", product: { name: "storm-1.2.3-3.6.1.x86_64", product_id: "storm-1.2.3-3.6.1.x86_64", }, }, { category: "product_version", name: "storm-nimbus-1.2.3-3.6.1.x86_64", product: { name: "storm-nimbus-1.2.3-3.6.1.x86_64", product_id: "storm-nimbus-1.2.3-3.6.1.x86_64", }, }, { category: "product_version", name: "storm-supervisor-1.2.3-3.6.1.x86_64", product: { name: "storm-supervisor-1.2.3-3.6.1.x86_64", product_id: "storm-supervisor-1.2.3-3.6.1.x86_64", }, }, { category: "product_version", name: "ansible-doc-2.9.14-3.15.1.x86_64", product: { name: "ansible-doc-2.9.14-3.15.1.x86_64", product_id: "ansible-doc-2.9.14-3.15.1.x86_64", }, }, { category: "product_version", name: "ansible-test-2.9.14-3.15.1.x86_64", product: { name: "ansible-test-2.9.14-3.15.1.x86_64", product_id: "ansible-test-2.9.14-3.15.1.x86_64", }, }, { category: "product_version", name: "crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", product: { name: "crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", product_id: "crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", }, }, { category: "product_version", name: "crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", product: { name: "crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", product_id: "crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", }, }, { category: "product_version", name: "crowbar-core-devel-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", product: { name: "crowbar-core-devel-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", product_id: "crowbar-core-devel-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", }, }, { category: "product_version", name: "go1.14-1.14.10-1.3.2.x86_64", product: { name: "go1.14-1.14.10-1.3.2.x86_64", product_id: "go1.14-1.14.10-1.3.2.x86_64", }, }, { category: "product_version", name: "go1.14-doc-1.14.10-1.3.2.x86_64", product: { name: "go1.14-doc-1.14.10-1.3.2.x86_64", product_id: "go1.14-doc-1.14.10-1.3.2.x86_64", }, }, { category: "product_version", name: "python3-Pillow-4.2.1-3.9.2.x86_64", product: { name: "python3-Pillow-4.2.1-3.9.2.x86_64", product_id: "python3-Pillow-4.2.1-3.9.2.x86_64", }, }, { category: "product_version", name: "ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", product: { name: "ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", product_id: "ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", }, }, { category: "product_version", name: "ruby2.1-rubygem-crowbar-client-doc-3.9.3-1.1.x86_64", product: { name: "ruby2.1-rubygem-crowbar-client-doc-3.9.3-1.1.x86_64", product_id: "ruby2.1-rubygem-crowbar-client-doc-3.9.3-1.1.x86_64", }, }, { category: "product_version", name: "ruby2.1-rubygem-crowbar-client-testsuite-3.9.3-1.1.x86_64", product: { name: "ruby2.1-rubygem-crowbar-client-testsuite-3.9.3-1.1.x86_64", product_id: "ruby2.1-rubygem-crowbar-client-testsuite-3.9.3-1.1.x86_64", }, }, { category: "product_version", name: "storm-doc-1.2.3-3.6.1.x86_64", product: { name: "storm-doc-1.2.3-3.6.1.x86_64", product_id: "storm-doc-1.2.3-3.6.1.x86_64", }, }, { category: "product_version", name: "storm-logviewer-1.2.3-3.6.1.x86_64", product: { name: "storm-logviewer-1.2.3-3.6.1.x86_64", product_id: "storm-logviewer-1.2.3-3.6.1.x86_64", }, }, { category: "product_version", name: "storm-pacemaker-1.2.3-3.6.1.x86_64", product: { name: "storm-pacemaker-1.2.3-3.6.1.x86_64", product_id: "storm-pacemaker-1.2.3-3.6.1.x86_64", }, }, { category: "product_version", name: "storm-ui-1.2.3-3.6.1.x86_64", product: { name: "storm-ui-1.2.3-3.6.1.x86_64", product_id: "storm-ui-1.2.3-3.6.1.x86_64", }, }, { category: "product_version", name: "storm-zookeeper-1.2.3-3.6.1.x86_64", product: { name: "storm-zookeeper-1.2.3-3.6.1.x86_64", product_id: "storm-zookeeper-1.2.3-3.6.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "HPE Helion OpenStack 8", product: { name: "HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8", product_identification_helper: { cpe: "cpe:/o:suse:hpe-helion-openstack:8", }, }, }, { category: "product_name", name: "SUSE OpenStack Cloud 8", product: { name: "SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8", product_identification_helper: { cpe: "cpe:/o:suse:suse-openstack-cloud:8", }, }, }, { category: "product_name", name: "SUSE OpenStack Cloud Crowbar 8", product: { name: "SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8", product_identification_helper: { cpe: "cpe:/o:suse:suse-openstack-cloud-crowbar:8", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ansible-2.9.14-3.15.1.x86_64 as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", }, product_reference: "ansible-2.9.14-3.15.1.x86_64", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", }, product_reference: "ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", }, product_reference: "ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", }, product_reference: "ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", }, product_reference: "ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", }, product_reference: "ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", }, product_reference: "ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", }, product_reference: "documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", }, product_reference: "documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", }, product_reference: "documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", }, product_reference: "documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", }, product_reference: "documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", }, product_reference: "documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "grafana-6.7.4-4.12.1.x86_64 as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", }, product_reference: "grafana-6.7.4-4.12.1.x86_64", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "grafana-natel-discrete-panel-0.0.9-3.3.6.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", }, product_reference: "grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "openstack-cinder-11.2.3~dev29-3.28.2.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", }, product_reference: "openstack-cinder-11.2.3~dev29-3.28.2.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "openstack-cinder-api-11.2.3~dev29-3.28.2.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", }, product_reference: "openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", }, product_reference: "openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", }, product_reference: "openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", }, product_reference: "openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", }, product_reference: "openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "openstack-monasca-installer-20190923_16.32-3.15.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", }, product_reference: "openstack-monasca-installer-20190923_16.32-3.15.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-11.0.9~dev69-3.37.2.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", }, product_reference: "openstack-neutron-11.0.9~dev69-3.37.2.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", }, product_reference: "openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", }, product_reference: "openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", }, product_reference: "openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", }, product_reference: "openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", }, product_reference: "openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", }, product_reference: "openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", }, product_reference: "openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", }, product_reference: "openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", }, product_reference: "openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-server-11.0.9~dev69-3.37.2.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", }, product_reference: "openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-16.1.9~dev76-3.39.2.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", }, product_reference: "openstack-nova-16.1.9~dev76-3.39.2.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-api-16.1.9~dev76-3.39.2.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", }, product_reference: "openstack-nova-api-16.1.9~dev76-3.39.2.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-cells-16.1.9~dev76-3.39.2.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", }, product_reference: "openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-compute-16.1.9~dev76-3.39.2.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", }, product_reference: "openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", }, product_reference: "openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-console-16.1.9~dev76-3.39.2.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", }, product_reference: "openstack-nova-console-16.1.9~dev76-3.39.2.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", }, product_reference: "openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-doc-16.1.9~dev76-3.39.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", }, product_reference: "openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", }, product_reference: "openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", }, product_reference: "openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", }, product_reference: "openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", }, product_reference: "openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", }, product_reference: "openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "python-Django-1.11.29-3.19.2.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", }, product_reference: "python-Django-1.11.29-3.19.2.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "python-Flask-Cors-3.0.3-3.3.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", }, product_reference: "python-Flask-Cors-3.0.3-3.3.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "python-Pillow-4.2.1-3.9.2.x86_64 as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", }, product_reference: "python-Pillow-4.2.1-3.9.2.x86_64", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "python-ardana-packager-0.0.3-7.7.2.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", }, product_reference: "python-ardana-packager-0.0.3-7.7.2.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "python-cinder-11.2.3~dev29-3.28.2.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", }, product_reference: "python-cinder-11.2.3~dev29-3.28.2.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "python-keystoneclient-3.13.1-3.3.2.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", }, product_reference: "python-keystoneclient-3.13.1-3.3.2.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "python-keystoneclient-doc-3.13.1-3.3.2.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", }, product_reference: "python-keystoneclient-doc-3.13.1-3.3.2.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "python-keystonemiddleware-4.17.1-5.3.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", }, product_reference: "python-keystonemiddleware-4.17.1-5.3.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "python-kombu-4.1.0-3.7.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", }, product_reference: "python-kombu-4.1.0-3.7.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "python-neutron-11.0.9~dev69-3.37.2.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", }, product_reference: "python-neutron-11.0.9~dev69-3.37.2.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "python-nova-16.1.9~dev76-3.39.2.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", }, product_reference: "python-nova-16.1.9~dev76-3.39.2.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "python-urllib3-1.22-5.12.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", }, product_reference: "python-urllib3-1.22-5.12.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", }, product_reference: "release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "storm-1.2.3-3.6.1.x86_64 as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", }, product_reference: "storm-1.2.3-3.6.1.x86_64", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "storm-nimbus-1.2.3-3.6.1.x86_64 as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", }, product_reference: "storm-nimbus-1.2.3-3.6.1.x86_64", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "storm-supervisor-1.2.3-3.6.1.x86_64 as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", }, product_reference: "storm-supervisor-1.2.3-3.6.1.x86_64", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", }, product_reference: "venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", }, product_reference: "venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", }, product_reference: "venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", }, product_reference: "venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", }, product_reference: "venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", }, product_reference: "venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", }, product_reference: "venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", }, product_reference: "venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", }, product_reference: "venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", }, product_reference: "venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", }, product_reference: "venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", }, product_reference: "venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", }, product_reference: "venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", }, product_reference: "venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", }, product_reference: "venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", }, product_reference: "venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", }, product_reference: "venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", }, product_reference: "venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", }, product_reference: "venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", }, product_reference: "venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", }, product_reference: "venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", }, product_reference: "venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "ansible-2.9.14-3.15.1.x86_64 as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", }, product_reference: "ansible-2.9.14-3.15.1.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", }, product_reference: "ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", }, product_reference: "ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", }, product_reference: "ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", }, product_reference: "ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", }, product_reference: "ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", }, product_reference: "ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", }, product_reference: "documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", }, product_reference: "documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", }, product_reference: "documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", }, product_reference: "documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", }, product_reference: "documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", }, product_reference: "documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", }, product_reference: "documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", }, product_reference: "documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", }, product_reference: "documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "grafana-6.7.4-4.12.1.x86_64 as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", }, product_reference: "grafana-6.7.4-4.12.1.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "grafana-natel-discrete-panel-0.0.9-3.3.6.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", }, product_reference: "grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "openstack-cinder-11.2.3~dev29-3.28.2.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", }, product_reference: "openstack-cinder-11.2.3~dev29-3.28.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "openstack-cinder-api-11.2.3~dev29-3.28.2.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", }, product_reference: "openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", }, product_reference: "openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", }, product_reference: "openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", }, product_reference: "openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", }, product_reference: "openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "openstack-monasca-installer-20190923_16.32-3.15.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", }, product_reference: "openstack-monasca-installer-20190923_16.32-3.15.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-11.0.9~dev69-3.37.2.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", }, product_reference: "openstack-neutron-11.0.9~dev69-3.37.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", }, product_reference: "openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", }, product_reference: "openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", }, product_reference: "openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", }, product_reference: "openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", }, product_reference: "openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", }, product_reference: "openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", }, product_reference: "openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", }, product_reference: "openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", }, product_reference: "openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-server-11.0.9~dev69-3.37.2.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", }, product_reference: "openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-16.1.9~dev76-3.39.2.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", }, product_reference: "openstack-nova-16.1.9~dev76-3.39.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-api-16.1.9~dev76-3.39.2.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", }, product_reference: "openstack-nova-api-16.1.9~dev76-3.39.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-cells-16.1.9~dev76-3.39.2.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", }, product_reference: "openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-compute-16.1.9~dev76-3.39.2.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", }, product_reference: "openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", }, product_reference: "openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-console-16.1.9~dev76-3.39.2.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", }, product_reference: "openstack-nova-console-16.1.9~dev76-3.39.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", }, product_reference: "openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-doc-16.1.9~dev76-3.39.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", }, product_reference: "openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", }, product_reference: "openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", }, product_reference: "openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", }, product_reference: "openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", }, product_reference: "openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", }, product_reference: "openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "python-Django-1.11.29-3.19.2.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", }, product_reference: "python-Django-1.11.29-3.19.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "python-Flask-Cors-3.0.3-3.3.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", }, product_reference: "python-Flask-Cors-3.0.3-3.3.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "python-Pillow-4.2.1-3.9.2.x86_64 as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", }, product_reference: "python-Pillow-4.2.1-3.9.2.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "python-ardana-packager-0.0.3-7.7.2.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", }, product_reference: "python-ardana-packager-0.0.3-7.7.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "python-cinder-11.2.3~dev29-3.28.2.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", }, product_reference: "python-cinder-11.2.3~dev29-3.28.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "python-keystoneclient-3.13.1-3.3.2.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", }, product_reference: "python-keystoneclient-3.13.1-3.3.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "python-keystoneclient-doc-3.13.1-3.3.2.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", }, product_reference: "python-keystoneclient-doc-3.13.1-3.3.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "python-keystonemiddleware-4.17.1-5.3.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", }, product_reference: "python-keystonemiddleware-4.17.1-5.3.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "python-kombu-4.1.0-3.7.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", }, product_reference: "python-kombu-4.1.0-3.7.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "python-neutron-11.0.9~dev69-3.37.2.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", }, product_reference: "python-neutron-11.0.9~dev69-3.37.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "python-nova-16.1.9~dev76-3.39.2.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", }, product_reference: "python-nova-16.1.9~dev76-3.39.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "python-straight-plugin-1.5.0-1.3.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", }, product_reference: "python-straight-plugin-1.5.0-1.3.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "python-urllib3-1.22-5.12.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", }, product_reference: "python-urllib3-1.22-5.12.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", }, product_reference: "release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "storm-1.2.3-3.6.1.x86_64 as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", }, product_reference: "storm-1.2.3-3.6.1.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "storm-nimbus-1.2.3-3.6.1.x86_64 as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", }, product_reference: "storm-nimbus-1.2.3-3.6.1.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "storm-supervisor-1.2.3-3.6.1.x86_64 as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", }, product_reference: "storm-supervisor-1.2.3-3.6.1.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", }, product_reference: "venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", }, product_reference: "venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", }, product_reference: "venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", }, product_reference: "venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", }, product_reference: "venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", }, product_reference: "venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", }, product_reference: "venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", }, product_reference: "venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", }, product_reference: "venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", }, product_reference: "venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", }, product_reference: "venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", }, product_reference: "venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", }, product_reference: "venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", }, product_reference: "venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", }, product_reference: "venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", }, product_reference: "venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", }, product_reference: "venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", }, product_reference: "venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", }, product_reference: "venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", }, product_reference: "venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", }, product_reference: "venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", }, product_reference: "venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "ansible-2.9.14-3.15.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", }, product_reference: "ansible-2.9.14-3.15.1.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", }, product_reference: "crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", }, product_reference: "crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", }, product_reference: "crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", }, product_reference: "documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", }, product_reference: "documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", }, product_reference: "documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", }, product_reference: "documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "grafana-6.7.4-4.12.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", }, product_reference: "grafana-6.7.4-4.12.1.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "grafana-natel-discrete-panel-0.0.9-3.3.6.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", }, product_reference: "grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "openstack-cinder-11.2.3~dev29-3.28.2.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", }, product_reference: "openstack-cinder-11.2.3~dev29-3.28.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "openstack-cinder-api-11.2.3~dev29-3.28.2.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", }, product_reference: "openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", }, product_reference: "openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", }, product_reference: "openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", }, product_reference: "openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", }, product_reference: "openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "openstack-monasca-installer-20190923_16.32-3.15.1.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", }, product_reference: "openstack-monasca-installer-20190923_16.32-3.15.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-11.0.9~dev69-3.37.2.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", }, product_reference: "openstack-neutron-11.0.9~dev69-3.37.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", }, product_reference: "openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", }, product_reference: "openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", }, product_reference: "openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", }, product_reference: "openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", }, product_reference: "openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", }, product_reference: "openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", }, product_reference: "openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", }, product_reference: "openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", }, product_reference: "openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-server-11.0.9~dev69-3.37.2.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", }, product_reference: "openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-16.1.9~dev76-3.39.2.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", }, product_reference: "openstack-nova-16.1.9~dev76-3.39.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-api-16.1.9~dev76-3.39.2.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", }, product_reference: "openstack-nova-api-16.1.9~dev76-3.39.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-cells-16.1.9~dev76-3.39.2.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", }, product_reference: "openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-compute-16.1.9~dev76-3.39.2.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", }, product_reference: "openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", }, product_reference: "openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-console-16.1.9~dev76-3.39.2.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", }, product_reference: "openstack-nova-console-16.1.9~dev76-3.39.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", }, product_reference: "openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-doc-16.1.9~dev76-3.39.1.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", }, product_reference: "openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", }, product_reference: "openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", }, product_reference: "openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", }, product_reference: "openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", }, product_reference: "openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", }, product_reference: "openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "python-Django-1.11.29-3.19.2.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", }, product_reference: "python-Django-1.11.29-3.19.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "python-Pillow-4.2.1-3.9.2.x86_64 as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", }, product_reference: "python-Pillow-4.2.1-3.9.2.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "python-cinder-11.2.3~dev29-3.28.2.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", }, product_reference: "python-cinder-11.2.3~dev29-3.28.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "python-keystoneclient-3.13.1-3.3.2.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", }, product_reference: "python-keystoneclient-3.13.1-3.3.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "python-keystoneclient-doc-3.13.1-3.3.2.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", }, product_reference: "python-keystoneclient-doc-3.13.1-3.3.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "python-keystonemiddleware-4.17.1-5.3.1.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", }, product_reference: "python-keystonemiddleware-4.17.1-5.3.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "python-kombu-4.1.0-3.7.1.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", }, product_reference: "python-kombu-4.1.0-3.7.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "python-neutron-11.0.9~dev69-3.37.2.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", }, product_reference: "python-neutron-11.0.9~dev69-3.37.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "python-nova-16.1.9~dev76-3.39.2.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", }, product_reference: "python-nova-16.1.9~dev76-3.39.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "python-straight-plugin-1.5.0-1.3.1.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", }, product_reference: "python-straight-plugin-1.5.0-1.3.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "python-urllib3-1.22-5.12.1.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", }, product_reference: "python-urllib3-1.22-5.12.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", }, product_reference: "release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", }, product_reference: "ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "storm-1.2.3-3.6.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", }, product_reference: "storm-1.2.3-3.6.1.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "storm-nimbus-1.2.3-3.6.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", }, product_reference: "storm-nimbus-1.2.3-3.6.1.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "storm-supervisor-1.2.3-3.6.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", }, product_reference: "storm-supervisor-1.2.3-3.6.1.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, ], }, vulnerabilities: [ { cve: "CVE-2016-8614", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-8614", }, ], notes: [ { category: "general", text: "A flaw was found in Ansible before version 2.2.0. The apt_key module does not properly verify key fingerprints, allowing remote adversary to create an OpenPGP key which matches the short key ID and inject this key instead of the correct key.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-8614", url: "https://www.suse.com/security/cve/CVE-2016-8614", }, { category: "external", summary: "SUSE Bug 1008038 for CVE-2016-8614", url: "https://bugzilla.suse.com/1008038", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.0", }, products: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-12T14:17:34Z", details: "moderate", }, ], title: "CVE-2016-8614", }, { cve: "CVE-2016-8628", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-8628", }, ], notes: [ { category: "general", text: "Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitrary commands on Ansible clients as the user Ansible runs as.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-8628", url: "https://www.suse.com/security/cve/CVE-2016-8628", }, { category: "external", summary: "SUSE Bug 1008037 for CVE-2016-8628", url: "https://bugzilla.suse.com/1008037", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, products: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-12T14:17:34Z", details: "moderate", }, ], title: "CVE-2016-8628", }, { cve: "CVE-2016-8647", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-8647", }, ], notes: [ { category: "general", text: "An input validation vulnerability was found in Ansible's mysql_user module before 2.2.1.0, which may fail to correctly change a password in certain circumstances. Thus the previous password would still be active when it should have been changed.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-8647", url: "https://www.suse.com/security/cve/CVE-2016-8647", }, { category: "external", summary: "SUSE Bug 1008038 for CVE-2016-8647", url: "https://bugzilla.suse.com/1008038", }, { category: "external", summary: "SUSE Bug 1010940 for CVE-2016-8647", url: "https://bugzilla.suse.com/1010940", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-12T14:17:34Z", details: "low", }, ], title: "CVE-2016-8647", }, { cve: "CVE-2016-9587", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-9587", }, ], notes: [ { category: "general", text: "Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-9587", url: "https://www.suse.com/security/cve/CVE-2016-9587", }, { category: "external", summary: "SUSE Bug 1019021 for CVE-2016-9587", url: "https://bugzilla.suse.com/1019021", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-12T14:17:34Z", details: "important", }, ], title: "CVE-2016-9587", }, { cve: "CVE-2017-7466", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-7466", }, ], notes: [ { category: "general", text: "Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-7466", url: "https://www.suse.com/security/cve/CVE-2017-7466", }, { category: "external", summary: "SUSE Bug 1019021 for CVE-2017-7466", url: "https://bugzilla.suse.com/1019021", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-12T14:17:34Z", details: "important", }, ], title: "CVE-2017-7466", }, { cve: "CVE-2017-7550", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-7550", }, ], notes: [ { category: "general", text: "A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive information from a remote host's logs. This flaw was fixed by not allowing passwords to be specified in the \"params\" argument, and noting this in the module documentation.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-7550", url: "https://www.suse.com/security/cve/CVE-2017-7550", }, { category: "external", summary: "SUSE Bug 1035124 for CVE-2017-7550", url: "https://bugzilla.suse.com/1035124", }, { category: "external", summary: "SUSE Bug 1065872 for CVE-2017-7550", url: "https://bugzilla.suse.com/1065872", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, products: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-12T14:17:34Z", details: "important", }, ], title: "CVE-2017-7550", }, { cve: "CVE-2018-10875", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-10875", }, ], notes: [ { category: "general", text: "A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-10875", url: "https://www.suse.com/security/cve/CVE-2018-10875", }, { category: "external", summary: "SUSE Bug 1099808 for CVE-2018-10875", url: "https://bugzilla.suse.com/1099808", }, { category: "external", summary: "SUSE Bug 1109957 for CVE-2018-10875", url: "https://bugzilla.suse.com/1109957", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-12T14:17:34Z", details: "important", }, ], title: "CVE-2018-10875", }, { cve: "CVE-2018-11779", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-11779", }, ], notes: [ { category: "general", text: "In Apache Storm versions 1.1.0 to 1.2.2, when the user is using the storm-kafka-client or storm-kafka modules, it is possible to cause the Storm UI daemon to deserialize user provided bytes into a Java class.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-11779", url: "https://www.suse.com/security/cve/CVE-2018-11779", }, { category: "external", summary: "SUSE Bug 1143163 for CVE-2018-11779", url: "https://bugzilla.suse.com/1143163", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-12T14:17:34Z", details: "important", }, ], title: "CVE-2018-11779", }, { cve: "CVE-2018-16837", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-16837", }, ], notes: [ { category: "general", text: "Ansible \"User\" module leaks any data which is passed on as a parameter to ssh-keygen. This could lean in undesirable situations such as passphrases credentials passed as a parameter for the ssh-keygen executable. Showing those credentials in clear text form for every user which have access just to the process list.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-16837", url: "https://www.suse.com/security/cve/CVE-2018-16837", }, { category: "external", summary: "SUSE Bug 1112959 for CVE-2018-16837", url: "https://bugzilla.suse.com/1112959", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-12T14:17:34Z", details: "important", }, ], title: "CVE-2018-16837", }, { cve: "CVE-2018-16859", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-16859", }, ], notes: [ { category: "general", text: "Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for 'become' passwords to appear in EventLogs in plaintext. A local user with administrator privileges on the machine can view these logs and discover the plaintext password. Ansible Engine 2.8 and older are believed to be vulnerable.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-16859", url: "https://www.suse.com/security/cve/CVE-2018-16859", }, { category: "external", summary: "SUSE Bug 1109957 for CVE-2018-16859", url: "https://bugzilla.suse.com/1109957", }, { category: "external", summary: "SUSE Bug 1116587 for CVE-2018-16859", url: "https://bugzilla.suse.com/1116587", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-12T14:17:34Z", details: "moderate", }, ], title: "CVE-2018-16859", }, { cve: "CVE-2018-16876", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-16876", }, ], notes: [ { category: "general", text: "ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-16876", url: "https://www.suse.com/security/cve/CVE-2018-16876", }, { category: "external", summary: "SUSE Bug 1109957 for CVE-2018-16876", url: "https://bugzilla.suse.com/1109957", }, { category: "external", summary: "SUSE Bug 1118896 for CVE-2018-16876", url: "https://bugzilla.suse.com/1118896", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.1, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-12T14:17:34Z", details: "low", }, ], title: "CVE-2018-16876", }, { cve: "CVE-2018-18623", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-18623", }, ], notes: [ { category: "general", text: "Grafana 5.3.1 has XSS via the \"Dashboard > Text Panel\" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-18623", url: "https://www.suse.com/security/cve/CVE-2018-18623", }, { category: "external", summary: "SUSE Bug 1172450 for CVE-2018-18623", url: "https://bugzilla.suse.com/1172450", }, { category: "external", summary: "SUSE Bug 1174583 for CVE-2018-18623", url: "https://bugzilla.suse.com/1174583", }, { category: "external", summary: "SUSE Bug 1175951 for CVE-2018-18623", url: "https://bugzilla.suse.com/1175951", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-12T14:17:34Z", details: "moderate", }, ], title: "CVE-2018-18623", }, { cve: "CVE-2018-18624", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-18624", }, ], notes: [ { category: "general", text: "Grafana 5.3.1 has XSS via a column style on the \"Dashboard > Table Panel\" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-18624", url: "https://www.suse.com/security/cve/CVE-2018-18624", }, { category: "external", summary: "SUSE Bug 1172450 for CVE-2018-18624", url: "https://bugzilla.suse.com/1172450", }, { category: "external", summary: "SUSE Bug 1174583 for CVE-2018-18624", url: "https://bugzilla.suse.com/1174583", }, { category: "external", summary: "SUSE Bug 1175951 for CVE-2018-18624", url: "https://bugzilla.suse.com/1175951", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-12T14:17:34Z", details: "moderate", }, ], title: "CVE-2018-18624", }, { cve: "CVE-2018-18625", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-18625", }, ], notes: [ { category: "general", text: "Grafana 5.3.1 has XSS via a link on the \"Dashboard > All Panels > General\" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-18625", url: "https://www.suse.com/security/cve/CVE-2018-18625", }, { category: "external", summary: "SUSE Bug 1172450 for CVE-2018-18625", url: "https://bugzilla.suse.com/1172450", }, { category: "external", summary: "SUSE Bug 1174583 for CVE-2018-18625", url: "https://bugzilla.suse.com/1174583", }, { category: "external", summary: "SUSE Bug 1175951 for CVE-2018-18625", url: "https://bugzilla.suse.com/1175951", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-12T14:17:34Z", details: "moderate", }, ], title: "CVE-2018-18625", }, { cve: "CVE-2019-0202", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-0202", }, ], notes: [ { category: "general", text: "The Apache Storm Logviewer daemon exposes HTTP-accessible endpoints to read/search log files on hosts running Storm. In Apache Storm versions 0.9.1-incubating to 1.2.2, it is possible to read files off the host's file system that were not intended to be accessible via these endpoints.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-0202", url: "https://www.suse.com/security/cve/CVE-2019-0202", }, { category: "external", summary: "SUSE Bug 1142617 for CVE-2019-0202", url: "https://bugzilla.suse.com/1142617", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-12T14:17:34Z", details: "moderate", }, ], title: "CVE-2019-0202", }, { cve: "CVE-2019-10156", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-10156", }, ], notes: [ { category: "general", text: "A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be disclosed.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-10156", url: "https://www.suse.com/security/cve/CVE-2019-10156", }, { category: "external", summary: "SUSE Bug 1137528 for CVE-2019-10156", url: "https://bugzilla.suse.com/1137528", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", version: "3.0", }, products: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-12T14:17:34Z", details: "moderate", }, ], title: "CVE-2019-10156", }, { cve: "CVE-2019-10206", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-10206", }, ], notes: [ { category: "general", text: "ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-10206", url: "https://www.suse.com/security/cve/CVE-2019-10206", }, { category: "external", summary: "SUSE Bug 1142690 for CVE-2019-10206", url: "https://bugzilla.suse.com/1142690", }, { category: "external", summary: "SUSE Bug 1154232 for CVE-2019-10206", url: "https://bugzilla.suse.com/1154232", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N", version: "3.0", }, products: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-12T14:17:34Z", details: "moderate", }, ], title: "CVE-2019-10206", }, { cve: "CVE-2019-10217", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-10217", }, ], notes: [ { category: "general", text: "A flaw was found in ansible 2.8.0 before 2.8.4. Fields managing sensitive data should be set as such by no_log feature. Some of these fields in GCP modules are not set properly. service_account_contents() which is common class for all gcp modules is not setting no_log to True. Any sensitive data managed by that function would be leak as an output when running ansible playbooks.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-10217", url: "https://www.suse.com/security/cve/CVE-2019-10217", }, { category: "external", summary: "SUSE Bug 1144453 for CVE-2019-10217", url: "https://bugzilla.suse.com/1144453", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-12T14:17:34Z", details: "moderate", }, ], title: "CVE-2019-10217", }, { cve: "CVE-2019-14846", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-14846", }, ], notes: [ { category: "general", text: "In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-14846", url: "https://www.suse.com/security/cve/CVE-2019-14846", }, { category: "external", summary: "SUSE Bug 1153452 for CVE-2019-14846", url: "https://bugzilla.suse.com/1153452", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 2.3, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-12T14:17:34Z", details: "low", }, ], title: "CVE-2019-14846", }, { cve: "CVE-2019-14856", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-14856", }, ], notes: [ { category: "general", text: "ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a None", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-14856", url: "https://www.suse.com/security/cve/CVE-2019-14856", }, { category: "external", summary: "SUSE Bug 1154232 for CVE-2019-14856", url: "https://bugzilla.suse.com/1154232", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 2.3, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-12T14:17:34Z", details: "low", }, ], title: "CVE-2019-14856", }, { cve: "CVE-2019-14858", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-14858", }, ], notes: [ { category: "general", text: "A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. When a module has an argument_spec with sub parameters marked as no_log, passing an invalid parameter name to the module will cause the task to fail before the no_log options in the sub parameters are processed. As a result, data in the sub parameter fields will not be masked and will be displayed if Ansible is run with increased verbosity and present in the module invocation arguments for the task.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-14858", url: "https://www.suse.com/security/cve/CVE-2019-14858", }, { category: "external", summary: "SUSE Bug 1154231 for CVE-2019-14858", url: "https://bugzilla.suse.com/1154231", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 2.3, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-12T14:17:34Z", details: "low", }, ], title: "CVE-2019-14858", }, { cve: "CVE-2019-14864", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-14864", }, ], notes: [ { category: "general", text: "Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. This would discloses and collects any sensitive data.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-14864", url: "https://www.suse.com/security/cve/CVE-2019-14864", }, { category: "external", summary: "SUSE Bug 1154830 for CVE-2019-14864", url: "https://bugzilla.suse.com/1154830", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-12T14:17:34Z", details: "moderate", }, ], title: "CVE-2019-14864", }, { cve: "CVE-2019-14904", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-14904", }, ], notes: [ { category: "general", text: "A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and executing arbitrary commands in the remote host. Ansible Engine 2.7.15, 2.8.7, and 2.9.2 as well as previous versions are affected.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-14904", url: "https://www.suse.com/security/cve/CVE-2019-14904", }, { category: "external", summary: "SUSE Bug 1157968 for CVE-2019-14904", url: "https://bugzilla.suse.com/1157968", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-12T14:17:34Z", details: "important", }, ], title: "CVE-2019-14904", }, { cve: "CVE-2019-14905", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-14905", }, ], notes: [ { category: "general", text: "A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS command injections. This could result in a loss of confidentiality of the system among other issues.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-14905", url: "https://www.suse.com/security/cve/CVE-2019-14905", }, { category: "external", summary: "SUSE Bug 1157969 for CVE-2019-14905", url: "https://bugzilla.suse.com/1157969", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-12T14:17:34Z", details: "important", }, ], title: "CVE-2019-14905", }, { cve: "CVE-2019-19844", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-19844", }, ], notes: [ { category: "general", text: "Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address (that is equal to an existing user's email address after case transformation of Unicode characters) would allow an attacker to be sent a password reset token for the matched user account. (One mitigation in the new releases is to send password reset tokens only to the registered user email address.)", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-19844", url: "https://www.suse.com/security/cve/CVE-2019-19844", }, { category: "external", summary: "SUSE Bug 1159447 for CVE-2019-19844", url: "https://bugzilla.suse.com/1159447", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-12T14:17:34Z", details: "moderate", }, ], title: "CVE-2019-19844", }, { cve: "CVE-2019-3828", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-3828", }, ], notes: [ { category: "general", text: "Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-3828", url: "https://www.suse.com/security/cve/CVE-2019-3828", }, { category: "external", summary: "SUSE Bug 1126503 for CVE-2019-3828", url: "https://bugzilla.suse.com/1126503", }, { category: "external", summary: "SUSE Bug 1164137 for CVE-2019-3828", url: "https://bugzilla.suse.com/1164137", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-12T14:17:34Z", details: "moderate", }, ], title: "CVE-2019-3828", }, { cve: "CVE-2020-10177", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-10177", }, ], notes: [ { category: "general", text: "Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/FliDecode.c.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-10177", url: "https://www.suse.com/security/cve/CVE-2020-10177", }, { category: "external", summary: "SUSE Bug 1173413 for CVE-2020-10177", url: "https://bugzilla.suse.com/1173413", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-12T14:17:34Z", details: "moderate", }, ], title: "CVE-2020-10177", }, { cve: "CVE-2020-10378", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-10378", }, ], notes: [ { category: "general", text: "In libImaging/PcxDecode.c in Pillow before 7.1.0, an out-of-bounds read can occur when reading PCX files where state->shuffle is instructed to read beyond state->buffer.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-10378", url: "https://www.suse.com/security/cve/CVE-2020-10378", }, { category: "external", summary: "SUSE Bug 1161670 for CVE-2020-10378", url: "https://bugzilla.suse.com/1161670", }, { category: "external", summary: "SUSE Bug 1173416 for CVE-2020-10378", url: "https://bugzilla.suse.com/1173416", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-12T14:17:34Z", details: "moderate", }, ], title: "CVE-2020-10378", }, { cve: "CVE-2020-10684", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-10684", }, ], notes: [ { category: "general", text: "A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansible_facts after the clean. An attacker could take advantage of this by altering the ansible_facts, such as ansible_hosts, users and any other key data which would lead into privilege escalation or code injection.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-10684", url: "https://www.suse.com/security/cve/CVE-2020-10684", }, { category: "external", summary: "SUSE Bug 1167532 for CVE-2020-10684", url: "https://bugzilla.suse.com/1167532", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, products: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-12T14:17:34Z", details: "important", }, ], title: "CVE-2020-10684", }, { cve: "CVE-2020-10685", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-10685", }, ], notes: [ { category: "general", text: "A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory is created in /tmp leaves the s ts unencrypted. On Operating Systems which /tmp is not a tmpfs but part of the root partition, the directory is only cleared on boot and the decryp emains when the host is switched off. The system will be vulnerable when the system is not running. So decrypted data must be cleared as soon as possible and the data which normally is encrypted ble.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-10685", url: "https://www.suse.com/security/cve/CVE-2020-10685", }, { category: "external", summary: "SUSE Bug 1167440 for CVE-2020-10685", url: "https://bugzilla.suse.com/1167440", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-12T14:17:34Z", details: "moderate", }, ], title: "CVE-2020-10685", }, { cve: "CVE-2020-10691", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-10691", }, ], notes: [ { category: "general", text: "An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. An attacker could take advantage to overwrite any file within the system.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-10691", url: "https://www.suse.com/security/cve/CVE-2020-10691", }, { category: "external", summary: "SUSE Bug 1167873 for CVE-2020-10691", url: "https://bugzilla.suse.com/1167873", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L", version: "3.1", }, products: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-12T14:17:34Z", details: "moderate", }, ], title: "CVE-2020-10691", }, { cve: "CVE-2020-10729", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-10729", }, ], notes: [ { category: "general", text: "A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the equal value as the template caching action for the same file since no re-evaluation happens. The highest threat from this vulnerability would be that all passwords are exposed at once for the file. This flaw affects Ansible Engine versions before 2.9.6.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-10729", url: "https://www.suse.com/security/cve/CVE-2020-10729", }, { category: "external", summary: "SUSE Bug 1171162 for CVE-2020-10729", url: "https://bugzilla.suse.com/1171162", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-12T14:17:34Z", details: "moderate", }, ], title: "CVE-2020-10729", }, { cve: "CVE-2020-10744", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-10744", }, ], notes: [ { category: "general", text: "An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive. The provided fix is insufficient to prevent the race condition on systems using ACLs and FUSE filesystems. Ansible Engine 2.7.18, 2.8.12, and 2.9.9 as well as previous versions are affected and Ansible Tower 3.4.5, 3.5.6 and 3.6.4 as well as previous versions are affected.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-10744", url: "https://www.suse.com/security/cve/CVE-2020-10744", }, { category: "external", summary: "SUSE Bug 1171823 for CVE-2020-10744", url: "https://bugzilla.suse.com/1171823", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L", version: "3.1", }, products: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-12T14:17:34Z", details: "moderate", }, ], title: "CVE-2020-10744", }, { cve: "CVE-2020-10994", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-10994", }, ], notes: [ { category: "general", text: "In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are multiple out-of-bounds reads via a crafted JP2 file.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-10994", url: "https://www.suse.com/security/cve/CVE-2020-10994", }, { category: "external", summary: "SUSE Bug 1173418 for CVE-2020-10994", url: "https://bugzilla.suse.com/1173418", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", version: "3.1", }, products: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-12T14:17:34Z", details: "moderate", }, ], title: "CVE-2020-10994", }, { cve: "CVE-2020-11110", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-11110", }, ], notes: [ { category: "general", text: "Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-11110", url: "https://www.suse.com/security/cve/CVE-2020-11110", }, { category: "external", summary: "SUSE Bug 1174583 for CVE-2020-11110", url: "https://bugzilla.suse.com/1174583", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-12T14:17:34Z", details: "moderate", }, ], title: "CVE-2020-11110", }, { cve: "CVE-2020-14330", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-14330", }, ], notes: [ { category: "general", text: "An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest threat from this vulnerability is to data confidentiality.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-14330", url: "https://www.suse.com/security/cve/CVE-2020-14330", }, { category: "external", summary: "SUSE Bug 1174145 for CVE-2020-14330", url: "https://bugzilla.suse.com/1174145", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-12T14:17:34Z", details: "moderate", }, ], title: "CVE-2020-14330", }, { cve: "CVE-2020-14332", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-14332", }, ], notes: [ { category: "general", text: "A flaw was found in the Ansible Engine when using module_args. Tasks executed with check mode (--check-mode) do not properly neutralize sensitive data exposed in the event data. This flaw allows unauthorized users to read this data. The highest threat from this vulnerability is to confidentiality.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-14332", url: "https://www.suse.com/security/cve/CVE-2020-14332", }, { category: "external", summary: "SUSE Bug 1174302 for CVE-2020-14332", url: "https://bugzilla.suse.com/1174302", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-12T14:17:34Z", details: "moderate", }, ], title: "CVE-2020-14332", }, { cve: "CVE-2020-14365", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-14365", }, ], notes: [ { category: "general", text: "A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the default behavior. This flaw leads to malicious packages being installed on the system and arbitrary code executed via package installation scripts. The highest threat from this vulnerability is to integrity and system availability.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-14365", url: "https://www.suse.com/security/cve/CVE-2020-14365", }, { category: "external", summary: "SUSE Bug 1175993 for CVE-2020-14365", url: "https://bugzilla.suse.com/1175993", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, products: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-12T14:17:34Z", details: "moderate", }, ], title: "CVE-2020-14365", }, { cve: "CVE-2020-1733", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-1733", }, ], notes: [ { category: "general", text: "A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with \"umask 77 && mkdir -p <dir>\"; this operation does not fail if the directory already exists and is owned by another user. An attacker could take advantage to gain control of the become user as the target directory can be retrieved by iterating '/proc/<pid>/cmdline'.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-1733", url: "https://www.suse.com/security/cve/CVE-2020-1733", }, { category: "external", summary: "SUSE Bug 1164140 for CVE-2020-1733", url: "https://bugzilla.suse.com/1164140", }, { category: "external", summary: "SUSE Bug 1171823 for CVE-2020-1733", url: "https://bugzilla.suse.com/1171823", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L", version: "3.1", }, products: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-12T14:17:34Z", details: "moderate", }, ], title: "CVE-2020-1733", }, { cve: "CVE-2020-1734", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-1734", }, ], notes: [ { category: "general", text: "A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by overwriting the ansible facts.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-1734", url: "https://www.suse.com/security/cve/CVE-2020-1734", }, { category: "external", summary: "SUSE Bug 1164139 for CVE-2020-1734", url: "https://bugzilla.suse.com/1164139", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L", version: "3.1", }, products: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-12T14:17:34Z", details: "important", }, ], title: "CVE-2020-1734", }, { cve: "CVE-2020-1735", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-1735", }, ], notes: [ { category: "general", text: "A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-1735", url: "https://www.suse.com/security/cve/CVE-2020-1735", }, { category: "external", summary: "SUSE Bug 1164137 for CVE-2020-1735", url: "https://bugzilla.suse.com/1164137", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-12T14:17:34Z", details: "moderate", }, ], title: "CVE-2020-1735", }, { cve: "CVE-2020-1736", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-1736", }, ], notes: [ { category: "general", text: "A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions before the move. This could lead to the disclosure of sensitive data. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-1736", url: "https://www.suse.com/security/cve/CVE-2020-1736", }, { category: "external", summary: "SUSE Bug 1164134 for CVE-2020-1736", url: "https://bugzilla.suse.com/1164134", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 2.2, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-12T14:17:34Z", details: "low", }, ], title: "CVE-2020-1736", }, { cve: "CVE-2020-1737", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-1737", }, ], notes: [ { category: "general", text: "A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal. This issue is fixed in 2.10.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-1737", url: "https://www.suse.com/security/cve/CVE-2020-1737", }, { category: "external", summary: "SUSE Bug 1164138 for CVE-2020-1737", url: "https://bugzilla.suse.com/1164138", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-12T14:17:34Z", details: "important", }, ], title: "CVE-2020-1737", }, { cve: "CVE-2020-17376", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-17376", }, ], notes: [ { category: "general", text: "An issue was discovered in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0. By performing a soft reboot of an instance that has previously undergone live migration, a user may gain access to destination host devices that share the same paths as host devices previously referenced by the virtual machine on the source host. This can include block devices that map to different Cinder volumes at the destination than at the source. Only deployments allowing host-based connections (for instance, root and ephemeral devices) are affected.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-17376", url: "https://www.suse.com/security/cve/CVE-2020-17376", }, { category: "external", summary: "SUSE Bug 1175484 for CVE-2020-17376", url: "https://bugzilla.suse.com/1175484", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", version: "3.1", }, products: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-12T14:17:34Z", details: "important", }, ], title: "CVE-2020-17376", }, { cve: "CVE-2020-1738", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-1738", }, ], notes: [ { category: "general", text: "A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-1738", url: "https://www.suse.com/security/cve/CVE-2020-1738", }, { category: "external", summary: "SUSE Bug 1164136 for CVE-2020-1738", url: "https://bugzilla.suse.com/1164136", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L", version: "3.1", }, products: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-12T14:17:34Z", details: "moderate", }, ], title: "CVE-2020-1738", }, { cve: "CVE-2020-1739", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-1739", }, ], notes: [ { category: "general", text: "A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument \"password\" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-1739", url: "https://www.suse.com/security/cve/CVE-2020-1739", }, { category: "external", summary: "SUSE Bug 1164133 for CVE-2020-1739", url: "https://bugzilla.suse.com/1164133", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-12T14:17:34Z", details: "moderate", }, ], title: "CVE-2020-1739", }, { cve: "CVE-2020-1740", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-1740", }, ], notes: [ { category: "general", text: "A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes \"ansible-vault edit\", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-1740", url: "https://www.suse.com/security/cve/CVE-2020-1740", }, { category: "external", summary: "SUSE Bug 1164135 for CVE-2020-1740", url: "https://bugzilla.suse.com/1164135", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.9, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-12T14:17:34Z", details: "low", }, ], title: "CVE-2020-1740", }, { cve: "CVE-2020-1746", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-1746", }, ], notes: [ { category: "general", text: "A flaw was found in the Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when the ldap_attr and ldap_entry community modules are used. The issue discloses the LDAP bind password to stdout or a log file if a playbook task is written using the bind_pw in the parameters field. The highest threat from this vulnerability is data confidentiality.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-1746", url: "https://www.suse.com/security/cve/CVE-2020-1746", }, { category: "external", summary: "SUSE Bug 1165393 for CVE-2020-1746", url: "https://bugzilla.suse.com/1165393", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-12T14:17:34Z", details: "moderate", }, ], title: "CVE-2020-1746", }, { cve: "CVE-2020-1753", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-1753", }, ], notes: [ { category: "general", text: "A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all Ansible 2.8.x versions prior to 2.8.11 and all Ansible 2.9.x versions prior to 2.9.7, when managing kubernetes using the k8s module. Sensitive parameters such as passwords and tokens are passed to kubectl from the command line, not using an environment variable or an input configuration file. This will disclose passwords and tokens from process list and no_log directive from debug module would not have any effect making these secrets being disclosed on stdout and log files.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-1753", url: "https://www.suse.com/security/cve/CVE-2020-1753", }, { category: "external", summary: "SUSE Bug 1166389 for CVE-2020-1753", url: "https://bugzilla.suse.com/1166389", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-12T14:17:34Z", details: "moderate", }, ], title: "CVE-2020-1753", }, { cve: "CVE-2020-25032", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-25032", }, ], notes: [ { category: "general", text: "An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) before 3.0.9. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-25032", url: "https://www.suse.com/security/cve/CVE-2020-25032", }, { category: "external", summary: "SUSE Bug 1175986 for CVE-2020-25032", url: "https://bugzilla.suse.com/1175986", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-12T14:17:34Z", details: "moderate", }, ], title: "CVE-2020-25032", }, { cve: "CVE-2020-26137", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-26137", }, ], notes: [ { category: "general", text: "urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-26137", url: "https://www.suse.com/security/cve/CVE-2020-26137", }, { category: "external", summary: "SUSE Bug 1177120 for CVE-2020-26137", url: "https://bugzilla.suse.com/1177120", }, { category: "external", summary: "SUSE Bug 1177211 for CVE-2020-26137", url: "https://bugzilla.suse.com/1177211", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", version: "3.1", }, products: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-12T14:17:34Z", details: "moderate", }, ], title: "CVE-2020-26137", }, { cve: "CVE-2020-7471", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-7471", }, ], notes: [ { category: "general", text: "Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a suitably crafted delimiter to a contrib.postgres.aggregates.StringAgg instance, it was possible to break escaping and inject malicious SQL.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-7471", url: "https://www.suse.com/security/cve/CVE-2020-7471", }, { category: "external", summary: "SUSE Bug 1161919 for CVE-2020-7471", url: "https://bugzilla.suse.com/1161919", }, { category: "external", summary: "SUSE Bug 1161920 for CVE-2020-7471", url: "https://bugzilla.suse.com/1161920", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L", version: "3.1", }, products: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-12T14:17:34Z", details: "important", }, ], title: "CVE-2020-7471", }, { cve: "CVE-2020-9402", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-9402", }, ], notes: [ { category: "general", text: "Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions and aggregates on Oracle, it was possible to break escaping and inject malicious SQL.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-9402", url: "https://www.suse.com/security/cve/CVE-2020-9402", }, { category: "external", summary: "SUSE Bug 1165022 for CVE-2020-9402", url: "https://bugzilla.suse.com/1165022", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", version: "3.1", }, products: [ "HPE Helion OpenStack 8:ansible-2.9.14-3.15.1.x86_64", "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "HPE Helion OpenStack 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "HPE Helion OpenStack 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20201007-1.29.1.noarch", "HPE Helion OpenStack 8:grafana-6.7.4-4.12.1.x86_64", "HPE Helion OpenStack 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "HPE Helion OpenStack 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "HPE Helion OpenStack 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-Django-1.11.29-3.19.2.noarch", "HPE Helion OpenStack 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.9.2.x86_64", "HPE Helion OpenStack 8:python-ardana-packager-0.0.3-7.7.2.noarch", "HPE Helion OpenStack 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "HPE Helion OpenStack 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "HPE Helion OpenStack 8:python-kombu-4.1.0-3.7.1.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev76-3.39.2.noarch", "HPE Helion OpenStack 8:python-urllib3-1.22-5.12.1.noarch", "HPE Helion OpenStack 8:release-notes-hpe-helion-openstack-8.20200922-3.23.1.noarch", "HPE Helion OpenStack 8:storm-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-nimbus-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:storm-supervisor-1.2.3-3.6.1.x86_64", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1596735237.54109b1-3.77.1.noarch", "SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1596129856.263f430-3.43.1.noarch", "SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1593618123.678c32b-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1601298847.dd01585-3.42.1.noarch", "SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud 8:python-Flask-Cors-3.0.3-3.3.1.noarch", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud 8:python-ardana-packager-0.0.3-7.7.2.noarch", "SUSE OpenStack Cloud 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:storm-supervisor-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev29-14.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.27.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev3-14.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev11-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.33.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev69-13.32.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev76-11.30.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.21.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ansible-2.9.14-3.15.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1600432272.b3ad722f0-3.44.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1.noarch", "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.12.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:grafana-natel-discrete-panel-0.0.9-3.3.6.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-api-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-backup-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-doc-11.2.3~dev29-3.28.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-scheduler-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-cinder-volume-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-monasca-installer-20190923_16.32-3.15.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev69-3.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev76-3.39.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.19.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.9.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-cinder-11.2.3~dev29-3.28.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystoneclient-doc-3.13.1-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-keystonemiddleware-4.17.1-5.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-kombu-4.1.0-3.7.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev69-3.37.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev76-3.39.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-straight-plugin-1.5.0-1.3.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-urllib3-1.22-5.12.1.noarch", "SUSE OpenStack Cloud Crowbar 8:release-notes-suse-openstack-cloud-8.20200922-3.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-crowbar-client-3.9.3-1.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-nimbus-1.2.3-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:storm-supervisor-1.2.3-3.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-12T14:17:34Z", details: "important", }, ], title: "CVE-2020-9402", }, ], }
fkie_cve-2020-1735
Vulnerability from fkie_nvd
Published
2020-03-16 16:15
Modified
2024-11-21 05:11
Severity ?
4.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.6 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
4.6 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
Summary
A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | ansible | * | |
| redhat | ansible | * | |
| redhat | ansible | * | |
| redhat | ansible_tower | * | |
| redhat | ansible_tower | * | |
| redhat | ansible_tower | * | |
| redhat | ansible_tower | * | |
| redhat | cloudforms_management_engine | 5.0 | |
| redhat | openstack | 13 | |
| debian | debian_linux | 10.0 | |
| fedoraproject | fedora | 30 | |
| fedoraproject | fedora | 31 | |
| fedoraproject | fedora | 32 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*", matchCriteriaId: "1AA398A0-5DCC-4202-BB11-B2871FB796B4", versionEndExcluding: "2.7.17", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*", matchCriteriaId: "84818035-3E65-464B-A84A-22DADA640D19", versionEndExcluding: "2.8.11", versionStartIncluding: "2.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*", matchCriteriaId: "341AEE03-9334-416D-9896-A37697B43CCC", versionEndExcluding: "2.9.7", versionStartIncluding: "2.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*", matchCriteriaId: "C3C5721F-050A-42A3-A71D-6C6BA23D58FE", versionEndIncluding: "3.3.4", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*", matchCriteriaId: "64DD1400-5512-493E-85DB-B3C18FBB2DBB", versionEndIncluding: "3.4.5", versionStartIncluding: "3.3.5", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*", matchCriteriaId: "F2062F74-68D8-4E75-BC69-6038B519F823", versionEndIncluding: "3.5.5", versionStartIncluding: "3.5.0", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*", matchCriteriaId: "342D4A63-0972-413B-BD65-0495DBF1CDFB", versionEndIncluding: "3.6.3", versionStartIncluding: "3.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:cloudforms_management_engine:5.0:*:*:*:*:*:*:*", matchCriteriaId: "7098B44F-56BF-42E3-8831-48D0A8E99EE2", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*", matchCriteriaId: "704CFA1A-953E-4105-BFBE-406034B83DED", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.", }, { lang: "es", value: "Se detectó un fallo en el Ansible Engine cuando es usado el módulo de búsqueda. Un atacante podría interceptar el módulo, inyectar una nueva ruta y luego elegir una nueva ruta destino en el nodo del controlador. Se cree que todas las versiones de las derivaciones 2.7.x, 2.8.x y 2.9.x son vulnerables.", }, ], id: "CVE-2020-1735", lastModified: "2024-11-21T05:11:16.333", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 3.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.2, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.1, impactScore: 2.7, source: "secalert@redhat.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.6, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.5, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-03-16T16:15:13.890", references: [ { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1735", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/ansible/ansible/issues/67793", }, { source: "secalert@redhat.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/", }, { source: "secalert@redhat.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/", }, { source: "secalert@redhat.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202006-11", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2021/dsa-4950", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1735", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/ansible/ansible/issues/67793", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202006-11", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2021/dsa-4950", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "secalert@redhat.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-22", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
gsd-2020-1735
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.
Aliases
Aliases
{ GSD: { alias: "CVE-2020-1735", description: "A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.", id: "GSD-2020-1735", references: [ "https://www.suse.com/security/cve/CVE-2020-1735.html", "https://www.debian.org/security/2021/dsa-4950", "https://access.redhat.com/errata/RHSA-2020:1544", "https://access.redhat.com/errata/RHSA-2020:1543", "https://access.redhat.com/errata/RHSA-2020:1542", "https://access.redhat.com/errata/RHSA-2020:1541", "https://access.redhat.com/errata/RHBA-2020:1539", "https://access.redhat.com/errata/RHBA-2020:0547", "https://advisories.mageia.org/CVE-2020-1735.html", ], }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2020-1735", ], details: "A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.", id: "GSD-2020-1735", modified: "2023-12-13T01:21:57.657389Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2020-1735", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "ansible", version: { version_data: [ { version_value: "2.7.x, 2.8.x, 2.9.x", }, ], }, }, ], }, vendor_name: "Red Hat", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.", }, ], }, impact: { cvss: [ [ { vectorString: "4.2/CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, ], ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-22", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1735", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1735", }, { name: "https://github.com/ansible/ansible/issues/67793", refsource: "CONFIRM", url: "https://github.com/ansible/ansible/issues/67793", }, { name: "FEDORA-2020-1b6ce91e37", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/", }, { name: "FEDORA-2020-3990f03ba3", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/", }, { name: "FEDORA-2020-f80154b5b4", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/", }, { name: "GLSA-202006-11", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202006-11", }, { name: "DSA-4950", refsource: "DEBIAN", url: "https://www.debian.org/security/2021/dsa-4950", }, ], }, }, "gitlab.com": { advisories: [ { affected_range: "<=2.7.16||>=2.8.0,<=2.8.8||>=2.9.0,<=2.9.5", affected_versions: "All versions up to 2.7.16, all versions starting from 2.8.0 up to 2.8.8, all versions starting from 2.9.0 up to 2.9.5", cvss_v2: "AV:L/AC:L/Au:N/C:P/I:P/A:N", cvss_v3: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", cwe_ids: [ "CWE-1035", "CWE-22", "CWE-937", ], date: "2021-08-07", description: "A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node.", fixed_versions: [ "2.7.17", "2.8.9", "2.9.6", ], identifier: "CVE-2020-1735", identifiers: [ "CVE-2020-1735", ], not_impacted: "All versions after 2.7.16 before 2.8.0, all versions after 2.8.8 before 2.9.0, all versions after 2.9.5", package_slug: "pypi/ansible", pubdate: "2020-03-16", solution: "Upgrade to versions 2.7.17, 2.8.9, 2.9.6 or above.", title: "Path Traversal", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-1735", "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1735", ], uuid: "95dc3aeb-1a59-4234-b691-5cf2cd178ecd", }, ], }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.17", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.8.11", versionStartIncluding: "2.8.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.9.7", versionStartIncluding: "2.9.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "3.3.4", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "3.4.5", versionStartIncluding: "3.3.5", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "3.5.5", versionStartIncluding: "3.5.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "3.6.3", versionStartIncluding: "3.6.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:cloudforms_management_engine:5.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2020-1735", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "CWE-22", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1735", refsource: "CONFIRM", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1735", }, { name: "https://github.com/ansible/ansible/issues/67793", refsource: "CONFIRM", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/ansible/ansible/issues/67793", }, { name: "FEDORA-2020-3990f03ba3", refsource: "FEDORA", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/", }, { name: "FEDORA-2020-1b6ce91e37", refsource: "FEDORA", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/", }, { name: "FEDORA-2020-f80154b5b4", refsource: "FEDORA", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/", }, { name: "GLSA-202006-11", refsource: "GENTOO", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202006-11", }, { name: "DSA-4950", refsource: "DEBIAN", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2021/dsa-4950", }, ], }, }, impact: { baseMetricV2: { acInsufInfo: false, cvssV2: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 3.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "LOW", userInteractionRequired: false, }, baseMetricV3: { cvssV3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.6, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.5, impactScore: 2.7, }, }, lastModifiedDate: "2022-04-05T14:57Z", publishedDate: "2020-03-16T16:15Z", }, }, }
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.