Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2019-0201
Vulnerability from cvelistv5
Published
2019-05-23 13:42
Modified
2024-08-04 17:44
Severity ?
EPSS score ?
0.24%
(0.44049)
Summary
An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper’s getACL() command doesn’t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. DigestAuthenticationProvider overloads the Id field with the hash value that is used for user authentication. As a consequence, if Digest Authentication is in use, the unsalted hash value will be disclosed by getACL() request for unauthenticated or unprivileged users.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache ZooKeeper |
Version: 1.0.0 to 3.4.13 Version: 3.5.0-alpha to 3.5.4-beta |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T17:44:14.871Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "108427", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/108427", }, { name: "[debian-lts-announce] 20190524 [SECURITY] [DLA 1801-1] zookeeper security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/05/msg00033.html", }, { name: "[bookkeeper-issues] 20190531 [GitHub] [bookkeeper] eolivelli opened a new issue #2106: Update ZookKeeper dependency to 3.5.5", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/f6112882e30a31992a79e0a8c31ac179e9d0de7c708de3a9258d4391%40%3Cissues.bookkeeper.apache.org%3E", }, { name: "[accumulo-commits] 20190605 [accumulo] branch 2.0 updated: Update ZooKeeper (CVE-2019-0201)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/5d9a1cf41a5880557bf680b7321b4ab9a4d206c601ffb15fef6f196a%40%3Ccommits.accumulo.apache.org%3E", }, { name: "DSA-4461", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2019/dsa-4461", }, { name: "20190612 [SECURITY] [DSA 4461-1] zookeeper security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Jun/13", }, { name: "[activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E", }, { name: "RHSA-2019:3140", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:3140", }, { name: "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", }, { name: "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", }, { name: "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", }, { name: "RHSA-2019:3892", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:3892", }, { name: "RHSA-2019:4352", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:4352", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://issues.apache.org/jira/browse/ZOOKEEPER-1392", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://zookeeper.apache.org/security.html#CVE-2019-0201", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20190619-0001/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { name: "[hadoop-common-issues] 20210816 [GitHub] [hadoop] iwasakims opened a new pull request #3308: HADOOP-17850. Upgrade ZooKeeper to 3.4.14 in branch-3.2.", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r40f32125c1d97ad82404cc918171d9e0fcf78e534256674e9da1eb4b%40%3Ccommon-issues.hadoop.apache.org%3E", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache ZooKeeper", vendor: "Apache Software Foundation", versions: [ { status: "affected", version: "1.0.0 to 3.4.13", }, { status: "affected", version: "3.5.0-alpha to 3.5.4-beta", }, ], }, ], descriptions: [ { lang: "en", value: "An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper’s getACL() command doesn’t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. DigestAuthenticationProvider overloads the Id field with the hash value that is used for user authentication. As a consequence, if Digest Authentication is in use, the unsalted hash value will be disclosed by getACL() request for unauthenticated or unprivileged users.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-08-16T12:06:09", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { name: "108427", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/108427", }, { name: "[debian-lts-announce] 20190524 [SECURITY] [DLA 1801-1] zookeeper security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2019/05/msg00033.html", }, { name: "[bookkeeper-issues] 20190531 [GitHub] [bookkeeper] eolivelli opened a new issue #2106: Update ZookKeeper dependency to 3.5.5", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/f6112882e30a31992a79e0a8c31ac179e9d0de7c708de3a9258d4391%40%3Cissues.bookkeeper.apache.org%3E", }, { name: "[accumulo-commits] 20190605 [accumulo] branch 2.0 updated: Update ZooKeeper (CVE-2019-0201)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/5d9a1cf41a5880557bf680b7321b4ab9a4d206c601ffb15fef6f196a%40%3Ccommits.accumulo.apache.org%3E", }, { name: "DSA-4461", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2019/dsa-4461", }, { name: "20190612 [SECURITY] [DSA 4461-1] zookeeper security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/Jun/13", }, { name: "[activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E", }, { name: "RHSA-2019:3140", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:3140", }, { name: "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", }, { name: "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", }, { name: "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", }, { name: "RHSA-2019:3892", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:3892", }, { name: "RHSA-2019:4352", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:4352", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://issues.apache.org/jira/browse/ZOOKEEPER-1392", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://zookeeper.apache.org/security.html#CVE-2019-0201", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20190619-0001/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { name: "[hadoop-common-issues] 20210816 [GitHub] [hadoop] iwasakims opened a new pull request #3308: HADOOP-17850. Upgrade ZooKeeper to 3.4.14 in branch-3.2.", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r40f32125c1d97ad82404cc918171d9e0fcf78e534256674e9da1eb4b%40%3Ccommon-issues.hadoop.apache.org%3E", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2019-0201", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache ZooKeeper", version: { version_data: [ { version_value: "1.0.0 to 3.4.13", }, { version_value: "3.5.0-alpha to 3.5.4-beta", }, ], }, }, ], }, vendor_name: "Apache Software Foundation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper’s getACL() command doesn’t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. DigestAuthenticationProvider overloads the Id field with the hash value that is used for user authentication. As a consequence, if Digest Authentication is in use, the unsalted hash value will be disclosed by getACL() request for unauthenticated or unprivileged users.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Information Disclosure", }, ], }, ], }, references: { reference_data: [ { name: "108427", refsource: "BID", url: "http://www.securityfocus.com/bid/108427", }, { name: "[debian-lts-announce] 20190524 [SECURITY] [DLA 1801-1] zookeeper security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2019/05/msg00033.html", }, { name: "[bookkeeper-issues] 20190531 [GitHub] [bookkeeper] eolivelli opened a new issue #2106: Update ZookKeeper dependency to 3.5.5", refsource: "MLIST", url: "https://lists.apache.org/thread.html/f6112882e30a31992a79e0a8c31ac179e9d0de7c708de3a9258d4391@%3Cissues.bookkeeper.apache.org%3E", }, { name: "[accumulo-commits] 20190605 [accumulo] branch 2.0 updated: Update ZooKeeper (CVE-2019-0201)", refsource: "MLIST", url: "https://lists.apache.org/thread.html/5d9a1cf41a5880557bf680b7321b4ab9a4d206c601ffb15fef6f196a@%3Ccommits.accumulo.apache.org%3E", }, { name: "DSA-4461", refsource: "DEBIAN", url: "https://www.debian.org/security/2019/dsa-4461", }, { name: "20190612 [SECURITY] [DSA 4461-1] zookeeper security update", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/Jun/13", }, { name: "[activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar", refsource: "MLIST", url: "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E", }, { name: "RHSA-2019:3140", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:3140", }, { name: "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", refsource: "MLIST", url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E", }, { name: "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", refsource: "MLIST", url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", }, { name: "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", refsource: "MLIST", url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E", }, { name: "RHSA-2019:3892", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:3892", }, { name: "RHSA-2019:4352", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:4352", }, { name: "https://www.oracle.com/security-alerts/cpujul2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { name: "https://issues.apache.org/jira/browse/ZOOKEEPER-1392", refsource: "MISC", url: "https://issues.apache.org/jira/browse/ZOOKEEPER-1392", }, { name: "https://zookeeper.apache.org/security.html#CVE-2019-0201", refsource: "CONFIRM", url: "https://zookeeper.apache.org/security.html#CVE-2019-0201", }, { name: "https://security.netapp.com/advisory/ntap-20190619-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20190619-0001/", }, { name: "https://www.oracle.com/security-alerts/cpuoct2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { name: "https://www.oracle.com//security-alerts/cpujul2021.html", refsource: "MISC", url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { name: "[hadoop-common-issues] 20210816 [GitHub] [hadoop] iwasakims opened a new pull request #3308: HADOOP-17850. Upgrade ZooKeeper to 3.4.14 in branch-3.2.", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r40f32125c1d97ad82404cc918171d9e0fcf78e534256674e9da1eb4b@%3Ccommon-issues.hadoop.apache.org%3E", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2019-0201", datePublished: "2019-05-23T13:42:47", dateReserved: "2018-11-14T00:00:00", dateUpdated: "2024-08-04T17:44:14.871Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { fkie_nvd: { configurations: "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:activemq:5.15.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"70B11FEF-4CBF-4483-A5BD-CDA5AFAE52AE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:drill:1.16.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"235DC57F-22B8-4219-9499-7D005D90A654\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:zookeeper:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.0.0\", \"versionEndIncluding\": \"3.4.13\", \"matchCriteriaId\": \"19FD698D-914D-46C3-810B-F749CD0C0DE8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:zookeeper:3.5.0:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"3B1074FD-02DC-4CDC-A8F2-4CE0827539B6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:zookeeper:3.5.0:alpha:*:*:*:*:*:*\", \"matchCriteriaId\": \"2F0F84E2-88CE-4350-B342-DA761D43682E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:zookeeper:3.5.0:rc0:*:*:*:*:*:*\", \"matchCriteriaId\": \"ACB3229A-F1BA-4AA7-916A-9061BE561AD4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:zookeeper:3.5.1:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"0E5C9D62-F9A2-4961-8440-9DF6F5C213D8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:zookeeper:3.5.1:alpha:*:*:*:*:*:*\", \"matchCriteriaId\": \"A0C88D5A-86CD-41D3-B453-6060482E84E3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:zookeeper:3.5.1:rc0:*:*:*:*:*:*\", \"matchCriteriaId\": \"24BEEE1F-5408-43F8-B662-B826349E97D8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:zookeeper:3.5.1:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"4031DB88-F356-458F-BC77-91B62744A466\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:zookeeper:3.5.1:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"AB019BEC-6C42-4A51-9C45-389B6529CE96\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:zookeeper:3.5.1:rc3:*:*:*:*:*:*\", \"matchCriteriaId\": \"107E465A-A904-4198-8171-3D764B9F1C19\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:zookeeper:3.5.1:rc4:*:*:*:*:*:*\", \"matchCriteriaId\": \"D5DE5D25-B8A9-4172-80FF-D430D47AE96A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:zookeeper:3.5.2:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"3E2EB460-5B43-42E3-98AF-FB08B0C94957\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:zookeeper:3.5.2:alpha:*:*:*:*:*:*\", \"matchCriteriaId\": \"9C89705C-D40E-4C7D-A019-809D32AC1A98\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:zookeeper:3.5.2:rc0:*:*:*:*:*:*\", \"matchCriteriaId\": \"738C3017-324B-46AB-8D71-5202E31DBC97\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:zookeeper:3.5.2:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"39BE8DA0-6839-4E59-838F-E0D6A4F96D3B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:zookeeper:3.5.3:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"09C66E38-BDA9-42A6-8DBE-4E8781AE8394\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:zookeeper:3.5.3:beta:*:*:*:*:*:*\", \"matchCriteriaId\": \"81C99F52-0D85-41C8-A0DA-CE29C917ADDC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:zookeeper:3.5.3:rc0:*:*:*:*:*:*\", \"matchCriteriaId\": \"9B94B4B9-2B39-4879-BC68-2E4DEC57650D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:zookeeper:3.5.3:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"3E6AADAF-368B-4143-AE49-736A4101D732\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:zookeeper:3.5.4:beta:*:*:*:*:*:*\", \"matchCriteriaId\": \"C392B5BC-1B19-49CB-B43F-D485EC4DC094\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:fuse:1.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0F31D7E8-D31D-4268-9ABF-3733915AA226\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:goldengate_stream_analytics:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"19.1.0.0.1\", \"matchCriteriaId\": \"F4E7F2AA-B851-4D85-9895-2CDD6BE9FCB4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:siebel_core_-_server_framework:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"21.5\", \"matchCriteriaId\": \"F9C855EA-6E35-4EFF-ADEB-0EDFF90272BD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"18.1.3.1.0\", \"matchCriteriaId\": \"3CFFA207-BDA9-4088-890E-99D9A30421D8\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1C767AA1-88B7-48F0-9F31-A89D16DCD52C\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AD7447BC-F315-4298-A822-549942FC118B\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"85DF4B3F-4BBC-42B7-B729-096934523D63\"}]}]}]", descriptions: "[{\"lang\": \"en\", \"value\": \"An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper\\u2019s getACL() command doesn\\u2019t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. DigestAuthenticationProvider overloads the Id field with the hash value that is used for user authentication. As a consequence, if Digest Authentication is in use, the unsalted hash value will be disclosed by getACL() request for unauthenticated or unprivileged users.\"}, {\"lang\": \"es\", \"value\": \"Hay un problema presente en Apache ZooKeeper 1.0.0 a 3.4.13 y 3.5.0-alpha a 3.5.4-beta. El comando getACL () de ZooKeeper no verifica ning\\u00fan permiso cuando recupera las ACL del nodo solicitado y devuelve toda la informaci\\u00f3n contenida en el campo Id. De ACL como cadena de texto sin formato. DigestAuthenticationProvider sobrecarga el campo Id con el valor hash que se utiliza para la autenticaci\\u00f3n del usuario. Como consecuencia, si la autenticaci\\u00f3n impl\\u00edcita est\\u00e1 en uso, el valor hash sin sal ser\\u00e1 revelado por la solicitud getACL () para usuarios no autenticados o no privilegiados.\"}]", id: "CVE-2019-0201", lastModified: "2024-11-21T04:16:28.487", metrics: "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 5.9, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:N/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}", published: "2019-05-23T14:29:07.517", references: "[{\"url\": \"http://www.securityfocus.com/bid/108427\", \"source\": \"security@apache.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:3140\", \"source\": \"security@apache.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:3892\", \"source\": \"security@apache.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:4352\", \"source\": \"security@apache.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://issues.apache.org/jira/browse/ZOOKEEPER-1392\", \"source\": \"security@apache.org\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E\", \"source\": \"security@apache.org\"}, {\"url\": \"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E\", \"source\": \"security@apache.org\"}, {\"url\": \"https://lists.apache.org/thread.html/5d9a1cf41a5880557bf680b7321b4ab9a4d206c601ffb15fef6f196a%40%3Ccommits.accumulo.apache.org%3E\", \"source\": \"security@apache.org\"}, {\"url\": \"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E\", \"source\": \"security@apache.org\"}, {\"url\": \"https://lists.apache.org/thread.html/f6112882e30a31992a79e0a8c31ac179e9d0de7c708de3a9258d4391%40%3Cissues.bookkeeper.apache.org%3E\", \"source\": \"security@apache.org\"}, {\"url\": \"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E\", \"source\": \"security@apache.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r40f32125c1d97ad82404cc918171d9e0fcf78e534256674e9da1eb4b%40%3Ccommon-issues.hadoop.apache.org%3E\", \"source\": \"security@apache.org\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/05/msg00033.html\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://seclists.org/bugtraq/2019/Jun/13\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20190619-0001/\", \"source\": \"security@apache.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2019/dsa-4461\", \"source\": \"security@apache.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com//security-alerts/cpujul2021.html\", \"source\": \"security@apache.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2020.html\", \"source\": \"security@apache.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2020.html\", \"source\": \"security@apache.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://zookeeper.apache.org/security.html#CVE-2019-0201\", \"source\": \"security@apache.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/108427\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:3140\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:3892\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:4352\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://issues.apache.org/jira/browse/ZOOKEEPER-1392\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/5d9a1cf41a5880557bf680b7321b4ab9a4d206c601ffb15fef6f196a%40%3Ccommits.accumulo.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/f6112882e30a31992a79e0a8c31ac179e9d0de7c708de3a9258d4391%40%3Cissues.bookkeeper.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r40f32125c1d97ad82404cc918171d9e0fcf78e534256674e9da1eb4b%40%3Ccommon-issues.hadoop.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/05/msg00033.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://seclists.org/bugtraq/2019/Jun/13\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20190619-0001/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2019/dsa-4461\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com//security-alerts/cpujul2021.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2020.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2020.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://zookeeper.apache.org/security.html#CVE-2019-0201\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]", sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-862\"}]}]", }, nvd: "{\"cve\":{\"id\":\"CVE-2019-0201\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2019-05-23T14:29:07.517\",\"lastModified\":\"2024-11-21T04:16:28.487\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper’s getACL() command doesn’t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. DigestAuthenticationProvider overloads the Id field with the hash value that is used for user authentication. As a consequence, if Digest Authentication is in use, the unsalted hash value will be disclosed by getACL() request for unauthenticated or unprivileged users.\"},{\"lang\":\"es\",\"value\":\"Hay un problema presente en Apache ZooKeeper 1.0.0 a 3.4.13 y 3.5.0-alpha a 3.5.4-beta. El comando getACL () de ZooKeeper no verifica ningún permiso cuando recupera las ACL del nodo solicitado y devuelve toda la información contenida en el campo Id. De ACL como cadena de texto sin formato. DigestAuthenticationProvider sobrecarga el campo Id con el valor hash que se utiliza para la autenticación del usuario. Como consecuencia, si la autenticación implícita está en uso, el valor hash sin sal será revelado por la solicitud getACL () para usuarios no autenticados o no privilegiados.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-862\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:activemq:5.15.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"70B11FEF-4CBF-4483-A5BD-CDA5AFAE52AE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:drill:1.16.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"235DC57F-22B8-4219-9499-7D005D90A654\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:zookeeper:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0.0\",\"versionEndIncluding\":\"3.4.13\",\"matchCriteriaId\":\"19FD698D-914D-46C3-810B-F749CD0C0DE8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:zookeeper:3.5.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B1074FD-02DC-4CDC-A8F2-4CE0827539B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:zookeeper:3.5.0:alpha:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F0F84E2-88CE-4350-B342-DA761D43682E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:zookeeper:3.5.0:rc0:*:*:*:*:*:*\",\"matchCriteriaId\":\"ACB3229A-F1BA-4AA7-916A-9061BE561AD4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:zookeeper:3.5.1:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E5C9D62-F9A2-4961-8440-9DF6F5C213D8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:zookeeper:3.5.1:alpha:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0C88D5A-86CD-41D3-B453-6060482E84E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:zookeeper:3.5.1:rc0:*:*:*:*:*:*\",\"matchCriteriaId\":\"24BEEE1F-5408-43F8-B662-B826349E97D8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:zookeeper:3.5.1:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"4031DB88-F356-458F-BC77-91B62744A466\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:zookeeper:3.5.1:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB019BEC-6C42-4A51-9C45-389B6529CE96\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:zookeeper:3.5.1:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"107E465A-A904-4198-8171-3D764B9F1C19\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:zookeeper:3.5.1:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5DE5D25-B8A9-4172-80FF-D430D47AE96A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:zookeeper:3.5.2:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E2EB460-5B43-42E3-98AF-FB08B0C94957\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:zookeeper:3.5.2:alpha:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C89705C-D40E-4C7D-A019-809D32AC1A98\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:zookeeper:3.5.2:rc0:*:*:*:*:*:*\",\"matchCriteriaId\":\"738C3017-324B-46AB-8D71-5202E31DBC97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:zookeeper:3.5.2:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"39BE8DA0-6839-4E59-838F-E0D6A4F96D3B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:zookeeper:3.5.3:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"09C66E38-BDA9-42A6-8DBE-4E8781AE8394\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:zookeeper:3.5.3:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"81C99F52-0D85-41C8-A0DA-CE29C917ADDC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:zookeeper:3.5.3:rc0:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B94B4B9-2B39-4879-BC68-2E4DEC57650D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:zookeeper:3.5.3:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E6AADAF-368B-4143-AE49-736A4101D732\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:zookeeper:3.5.4:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"C392B5BC-1B19-49CB-B43F-D485EC4DC094\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:fuse:1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F31D7E8-D31D-4268-9ABF-3733915AA226\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:goldengate_stream_analytics:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"19.1.0.0.1\",\"matchCriteriaId\":\"F4E7F2AA-B851-4D85-9895-2CDD6BE9FCB4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:siebel_core_-_server_framework:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"21.5\",\"matchCriteriaId\":\"F9C855EA-6E35-4EFF-ADEB-0EDFF90272BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"18.1.3.1.0\",\"matchCriteriaId\":\"3CFFA207-BDA9-4088-890E-99D9A30421D8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C767AA1-88B7-48F0-9F31-A89D16DCD52C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD7447BC-F315-4298-A822-549942FC118B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"85DF4B3F-4BBC-42B7-B729-096934523D63\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/108427\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3140\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3892\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:4352\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://issues.apache.org/jira/browse/ZOOKEEPER-1392\",\"source\":\"security@apache.org\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/5d9a1cf41a5880557bf680b7321b4ab9a4d206c601ffb15fef6f196a%40%3Ccommits.accumulo.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/f6112882e30a31992a79e0a8c31ac179e9d0de7c708de3a9258d4391%40%3Cissues.bookkeeper.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r40f32125c1d97ad82404cc918171d9e0fcf78e534256674e9da1eb4b%40%3Ccommon-issues.hadoop.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/05/msg00033.html\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://seclists.org/bugtraq/2019/Jun/13\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20190619-0001/\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2019/dsa-4461\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com//security-alerts/cpujul2021.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2020.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2020.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://zookeeper.apache.org/security.html#CVE-2019-0201\",\"source\":\"security@apache.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/108427\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3140\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3892\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:4352\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://issues.apache.org/jira/browse/ZOOKEEPER-1392\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/5d9a1cf41a5880557bf680b7321b4ab9a4d206c601ffb15fef6f196a%40%3Ccommits.accumulo.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/f6112882e30a31992a79e0a8c31ac179e9d0de7c708de3a9258d4391%40%3Cissues.bookkeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r40f32125c1d97ad82404cc918171d9e0fcf78e534256674e9da1eb4b%40%3Ccommon-issues.hadoop.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/05/msg00033.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://seclists.org/bugtraq/2019/Jun/13\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20190619-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2019/dsa-4461\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com//security-alerts/cpujul2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://zookeeper.apache.org/security.html#CVE-2019-0201\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}", }, }
WID-SEC-W-2022-0770
Vulnerability from csaf_certbund
Published
2020-04-23 22:00
Modified
2024-05-16 22:00
Summary
IBM DB2: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
IBM DB2 ist ein relationales Datenbanksystem (RDBS) von IBM.
Angriff
Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in IBM DB2 ausnutzen, um seine Privilegien zu erhöhen oder einen Denial of Service zu verursachen
Betroffene Betriebssysteme
- Linux
- UNIX
- Windows
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "IBM DB2 ist ein relationales Datenbanksystem (RDBS) von IBM.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in IBM DB2 ausnutzen, um seine Privilegien zu erhöhen oder einen Denial of Service zu verursachen", title: "Angriff", }, { category: "general", text: "- Linux\n- UNIX\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2022-0770 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2020/wid-sec-w-2022-0770.json", }, { category: "self", summary: "WID-SEC-2022-0770 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0770", }, { category: "external", summary: "IBM Security Bulletin 6198380 vom 2020-04-23", url: "https://www.ibm.com/support/pages/node/6198380", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2020:2603 vom 2020-06-17", url: "https://access.redhat.com/errata/RHSA-2020:2603", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2020:4807 vom 2020-11-04", url: "https://access.redhat.com/errata/RHSA-2020:4807", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2021:3225 vom 2021-08-20", url: "https://access.redhat.com/errata/RHSA-2021:3225", }, { category: "external", summary: "Hitachi Vulnerability Information HITACHI-SEC-2022-115 vom 2022-05-27", url: "https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2022-115/index.html", }, { category: "external", summary: "IBM Security Bulletin 6605881 vom 2022-07-21", url: "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-have-been-identified-in-ibm-db2-shipped-with-ibm-puredata-system-for-operational-analytics/", }, { category: "external", summary: "Dell Security Advisory DSA-2024-070 vom 2024-02-03", url: "https://www.dell.com/support/kbdoc/000221770/dsa-2024-=", }, { category: "external", summary: "Hitachi Vulnerability Information HITACHI-SEC-2023-144 vom 2023-10-03", url: "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-144/index.html", }, { category: "external", summary: "IBM Security Bulletin 7153639 vom 2024-05-17", url: "https://www.ibm.com/support/pages/node/7153639", }, ], source_lang: "en-US", title: "IBM DB2: Mehrere Schwachstellen", tracking: { current_release_date: "2024-05-16T22:00:00.000+00:00", generator: { date: "2024-08-15T17:32:05.856+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2022-0770", initial_release_date: "2020-04-23T22:00:00.000+00:00", revision_history: [ { date: "2020-04-23T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2020-06-17T22:00:00.000+00:00", number: "2", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2020-11-03T23:00:00.000+00:00", number: "3", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2021-08-19T22:00:00.000+00:00", number: "4", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2022-05-26T22:00:00.000+00:00", number: "5", summary: "Neue Updates von HITACHI aufgenommen", }, { date: "2022-07-20T22:00:00.000+00:00", number: "6", summary: "Neue Updates von IBM aufgenommen", }, { date: "2023-10-03T22:00:00.000+00:00", number: "7", summary: "Neue Updates von HITACHI aufgenommen", }, { date: "2024-02-04T23:00:00.000+00:00", number: "8", summary: "Neue Updates von Dell aufgenommen", }, { date: "2024-05-16T22:00:00.000+00:00", number: "9", summary: "Neue Updates von IBM aufgenommen", }, ], status: "final", version: "9", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "EMC Avamar", product: { name: "EMC Avamar", product_id: "T014381", product_identification_helper: { cpe: "cpe:/a:emc:avamar:-", }, }, }, ], category: "vendor", name: "EMC", }, { branches: [ { branches: [ { category: "product_name", name: "Hitachi Ops Center", product: { name: "Hitachi Ops Center", product_id: "T017562", product_identification_helper: { cpe: "cpe:/a:hitachi:ops_center:-", }, }, }, { category: "product_version_range", name: "<Analyzer 10.9.3-00", product: { name: "Hitachi Ops Center <Analyzer 10.9.3-00", product_id: "T030196", }, }, { category: "product_version_range", name: "<Viewpoint 10.9.3-00", product: { name: "Hitachi Ops Center <Viewpoint 10.9.3-00", product_id: "T030197", }, }, ], category: "product_name", name: "Ops Center", }, ], category: "vendor", name: "Hitachi", }, { branches: [ { branches: [ { category: "product_version", name: "11.1", product: { name: "IBM DB2 11.1", product_id: "342000", product_identification_helper: { cpe: "cpe:/a:ibm:db2:11.1", }, }, }, { category: "product_version", name: "11.5", product: { name: "IBM DB2 11.5", product_id: "695419", product_identification_helper: { cpe: "cpe:/a:ibm:db2:11.5", }, }, }, ], category: "product_name", name: "DB2", }, ], category: "vendor", name: "IBM", }, { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux", product: { name: "Red Hat Enterprise Linux", product_id: "67646", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:-", }, }, }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2009-0001", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2009-0001", }, { cve: "CVE-2014-0114", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2014-0114", }, { cve: "CVE-2014-0193", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2014-0193", }, { cve: "CVE-2014-3488", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2014-3488", }, { cve: "CVE-2015-2156", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2015-2156", }, { cve: "CVE-2016-2402", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2016-2402", }, { cve: "CVE-2017-12972", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2017-12972", }, { cve: "CVE-2017-12973", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2017-12973", }, { cve: "CVE-2017-12974", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2017-12974", }, { cve: "CVE-2017-18640", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2017-18640", }, { cve: "CVE-2017-3734", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2017-3734", }, { cve: "CVE-2017-5637", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2017-5637", }, { cve: "CVE-2018-10237", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2018-10237", }, { cve: "CVE-2018-11771", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2018-11771", }, { cve: "CVE-2018-8009", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2018-8009", }, { cve: "CVE-2018-8012", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2018-8012", }, { cve: "CVE-2019-0201", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2019-0201", }, { cve: "CVE-2019-10086", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2019-10086", }, { cve: "CVE-2019-10172", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2019-10172", }, { cve: "CVE-2019-10202", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2019-10202", }, { cve: "CVE-2019-12402", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2019-12402", }, { cve: "CVE-2019-16869", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2019-16869", }, { cve: "CVE-2019-17195", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2019-17195", }, { cve: "CVE-2019-17571", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2019-17571", }, { cve: "CVE-2019-9512", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2019-9512", }, { cve: "CVE-2019-9514", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2019-9514", }, { cve: "CVE-2019-9515", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2019-9515", }, { cve: "CVE-2019-9518", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2019-9518", }, ], }
wid-sec-w-2022-0770
Vulnerability from csaf_certbund
Published
2020-04-23 22:00
Modified
2024-05-16 22:00
Summary
IBM DB2: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
IBM DB2 ist ein relationales Datenbanksystem (RDBS) von IBM.
Angriff
Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in IBM DB2 ausnutzen, um seine Privilegien zu erhöhen oder einen Denial of Service zu verursachen
Betroffene Betriebssysteme
- Linux
- UNIX
- Windows
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "IBM DB2 ist ein relationales Datenbanksystem (RDBS) von IBM.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in IBM DB2 ausnutzen, um seine Privilegien zu erhöhen oder einen Denial of Service zu verursachen", title: "Angriff", }, { category: "general", text: "- Linux\n- UNIX\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2022-0770 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2020/wid-sec-w-2022-0770.json", }, { category: "self", summary: "WID-SEC-2022-0770 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0770", }, { category: "external", summary: "IBM Security Bulletin 6198380 vom 2020-04-23", url: "https://www.ibm.com/support/pages/node/6198380", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2020:2603 vom 2020-06-17", url: "https://access.redhat.com/errata/RHSA-2020:2603", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2020:4807 vom 2020-11-04", url: "https://access.redhat.com/errata/RHSA-2020:4807", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2021:3225 vom 2021-08-20", url: "https://access.redhat.com/errata/RHSA-2021:3225", }, { category: "external", summary: "Hitachi Vulnerability Information HITACHI-SEC-2022-115 vom 2022-05-27", url: "https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2022-115/index.html", }, { category: "external", summary: "IBM Security Bulletin 6605881 vom 2022-07-21", url: "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-have-been-identified-in-ibm-db2-shipped-with-ibm-puredata-system-for-operational-analytics/", }, { category: "external", summary: "Dell Security Advisory DSA-2024-070 vom 2024-02-03", url: "https://www.dell.com/support/kbdoc/000221770/dsa-2024-=", }, { category: "external", summary: "Hitachi Vulnerability Information HITACHI-SEC-2023-144 vom 2023-10-03", url: "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-144/index.html", }, { category: "external", summary: "IBM Security Bulletin 7153639 vom 2024-05-17", url: "https://www.ibm.com/support/pages/node/7153639", }, ], source_lang: "en-US", title: "IBM DB2: Mehrere Schwachstellen", tracking: { current_release_date: "2024-05-16T22:00:00.000+00:00", generator: { date: "2024-08-15T17:32:05.856+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2022-0770", initial_release_date: "2020-04-23T22:00:00.000+00:00", revision_history: [ { date: "2020-04-23T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2020-06-17T22:00:00.000+00:00", number: "2", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2020-11-03T23:00:00.000+00:00", number: "3", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2021-08-19T22:00:00.000+00:00", number: "4", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2022-05-26T22:00:00.000+00:00", number: "5", summary: "Neue Updates von HITACHI aufgenommen", }, { date: "2022-07-20T22:00:00.000+00:00", number: "6", summary: "Neue Updates von IBM aufgenommen", }, { date: "2023-10-03T22:00:00.000+00:00", number: "7", summary: "Neue Updates von HITACHI aufgenommen", }, { date: "2024-02-04T23:00:00.000+00:00", number: "8", summary: "Neue Updates von Dell aufgenommen", }, { date: "2024-05-16T22:00:00.000+00:00", number: "9", summary: "Neue Updates von IBM aufgenommen", }, ], status: "final", version: "9", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "EMC Avamar", product: { name: "EMC Avamar", product_id: "T014381", product_identification_helper: { cpe: "cpe:/a:emc:avamar:-", }, }, }, ], category: "vendor", name: "EMC", }, { branches: [ { branches: [ { category: "product_name", name: "Hitachi Ops Center", product: { name: "Hitachi Ops Center", product_id: "T017562", product_identification_helper: { cpe: "cpe:/a:hitachi:ops_center:-", }, }, }, { category: "product_version_range", name: "<Analyzer 10.9.3-00", product: { name: "Hitachi Ops Center <Analyzer 10.9.3-00", product_id: "T030196", }, }, { category: "product_version_range", name: "<Viewpoint 10.9.3-00", product: { name: "Hitachi Ops Center <Viewpoint 10.9.3-00", product_id: "T030197", }, }, ], category: "product_name", name: "Ops Center", }, ], category: "vendor", name: "Hitachi", }, { branches: [ { branches: [ { category: "product_version", name: "11.1", product: { name: "IBM DB2 11.1", product_id: "342000", product_identification_helper: { cpe: "cpe:/a:ibm:db2:11.1", }, }, }, { category: "product_version", name: "11.5", product: { name: "IBM DB2 11.5", product_id: "695419", product_identification_helper: { cpe: "cpe:/a:ibm:db2:11.5", }, }, }, ], category: "product_name", name: "DB2", }, ], category: "vendor", name: "IBM", }, { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux", product: { name: "Red Hat Enterprise Linux", product_id: "67646", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:-", }, }, }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2009-0001", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2009-0001", }, { cve: "CVE-2014-0114", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2014-0114", }, { cve: "CVE-2014-0193", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2014-0193", }, { cve: "CVE-2014-3488", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2014-3488", }, { cve: "CVE-2015-2156", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2015-2156", }, { cve: "CVE-2016-2402", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2016-2402", }, { cve: "CVE-2017-12972", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2017-12972", }, { cve: "CVE-2017-12973", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2017-12973", }, { cve: "CVE-2017-12974", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2017-12974", }, { cve: "CVE-2017-18640", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2017-18640", }, { cve: "CVE-2017-3734", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2017-3734", }, { cve: "CVE-2017-5637", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2017-5637", }, { cve: "CVE-2018-10237", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2018-10237", }, { cve: "CVE-2018-11771", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2018-11771", }, { cve: "CVE-2018-8009", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2018-8009", }, { cve: "CVE-2018-8012", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2018-8012", }, { cve: "CVE-2019-0201", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2019-0201", }, { cve: "CVE-2019-10086", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2019-10086", }, { cve: "CVE-2019-10172", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2019-10172", }, { cve: "CVE-2019-10202", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2019-10202", }, { cve: "CVE-2019-12402", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2019-12402", }, { cve: "CVE-2019-16869", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2019-16869", }, { cve: "CVE-2019-17195", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2019-17195", }, { cve: "CVE-2019-17571", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2019-17571", }, { cve: "CVE-2019-9512", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2019-9512", }, { cve: "CVE-2019-9514", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2019-9514", }, { cve: "CVE-2019-9515", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2019-9515", }, { cve: "CVE-2019-9518", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2019-9518", }, ], }
suse-su-2020:1066-1
Vulnerability from csaf_suse
Published
2020-04-22 12:41
Modified
2020-04-22 12:41
Summary
Security update for ardana-ansible, ardana-barbican, ardana-db, ardana-monasca, ardana-mq, ardana-neutron, ardana-octavia, ardana-tempest, crowbar-core, crowbar-ha, crowbar-openstack, documentation-suse-openstack-cloud, memcached, openstack-manila, openstack-neutron, openstack-nova, pdns, python-amqp, rubygem-puma, zookeeper
Notes
Title of the patch
Security update for ardana-ansible, ardana-barbican, ardana-db, ardana-monasca, ardana-mq, ardana-neutron, ardana-octavia, ardana-tempest, crowbar-core, crowbar-ha, crowbar-openstack, documentation-suse-openstack-cloud, memcached, openstack-manila, openstack-neutron, openstack-nova, pdns, python-amqp, rubygem-puma, zookeeper
Description of the patch
This update for ardana-ansible, ardana-barbican, ardana-db, ardana-monasca, ardana-mq, ardana-neutron, ardana-octavia, ardana-tempest, crowbar-core, crowbar-ha, crowbar-openstack, documentation-suse-openstack-cloud, memcached, openstack-manila, openstack-neutron, openstack-nova, pdns, python-amqp, rubygem-puma, zookeeper contains the following fixes:
Security fix for rubygem-puma:
- CVE-2020-5247: Fixed an issue where the newlines in headers according to Rack spec were not split (bsc#1165402)
Security fix for openstack-manila:
- CVE-2020-9543: Fixed an issue where an attacker could view, update, delete, or share resources that do not
Security fixes for memcached:
- CVE-2019-15026: Fixed a stack-based buffer over-read in conn_to_str() in memcached.c (bsc#1149110).
- CVE-2019-11596: Fixed NULL pointer dereference in process_lru_command() in memcached.c (bsc#1133817).
Security fixes for pdns:
- CVE-2019-3871: Fixed a denial of service with the HTTP remote backend when the attacker can send crafted DNS queries (bsc#1129734).
- CVE-2018-10851: Fixed a denial of service via crafted zone record (bnc#1114157).
- CVE-2018-14626: Fixed a denial of service by hiding DNSSEC records using a crafted DNS query (bsc#1114169).
Security fixes for zookeeper:
- CVE-2019-0201: Fixed an information disclosure in the ACL handling (bsc#1135773).
- CVE-2017-5637: Fixed incorrect input validation with wchp/wchc four letter words (bsc#1040519).
Changes in ardana-ansible:
- Update to version 8.0+git.1583432621.24fa60e:
* Upgrade pre-checks in Cloud 8 and Cloud 9 (SOC-10300)
Changes in ardana-barbican:
- Update to version 8.0+git.1585152761.8ef3d61:
* monitor ardana-node-cert (SOC-10873)
Changes in ardana-db:
- Update to version 8.0+git.1583944923.03cca6c:
* monitor MySQL TLS certificate (SOC-10873)
Changes in ardana-monasca:
- Update to version 8.0+git.1583944894.38f023a:
* Add certificate file check alarm (SOC-10873)
Changes in ardana-mq:
- Update to version 8.0+git.1583944811.dc14403:
* monitor RabbitMQ TLS certificate (SOC-10873)
Changes in ardana-neutron:
- Update to version 8.0+git.1584715262.e4ea620:
* Add symlink for neutron-fwaas.json.j2 (bsc#1166290)
Changes in ardana-octavia:
- Update to version 8.0+git.1585171918.418f5cf:
* Reconfigure monitor if needed (SOC-10873)
- Update to version 8.0+git.1585168661.135c735:
* fix Octavia client cert redeploy (SOC-10873)
- Update to version 8.0+git.1585152502.f15907a:
* monitor Octavia client certificate (SOC-10873)
Changes in ardana-tempest:
- Update to version 8.0+git.1585311051.6ab5488:
* Enable port-security feature in tempest(SOC-11027)
Changes in crowbar-core:
- Update to version 5.0+git.1585575551.16781d00d:
* upgrade: Point to config dir instead of config file (SOC-11171)
* upgrade: Do not call neutron-evacuate-lbaasv2-agent with use_crm (SOC-11171)
- Update to version 5.0+git.1585316726.670746c8c:
* upgrade: Fix systemd unit listing (trivial)
- Update to version 5.0+git.1585213241.46f12f9be:
* upgrade: Remove the assignement of crowbar-upgrade role (SOC-11166)
- Update to version 5.0+git.1585118470.eed9020de:
* Update the default value of OS version (trivial)
* Ignore CVE-2020-5267 in CI (bsc#1167240)
* Ignore CVE-2020-10663 in CI (bsc#1167244)
- Update to version 5.0+git.1583911121.d6b4b4b1a:
* ses: Make SES UI safe for unknown options (trivial)
* ses: Use cinder user for nova (SOC-11119)
* ses: Added helper for populating cinder volumes (SOC-11117)
* ses: Add ses cookbook (SOC-11114)
* ses: Configuration upload (SOC-11115)
- Update to version 5.0+git.1583309007.e3a8b81e9:
* Ignore CVE-2020-8130 in CI (bsc#1164804)
* Ignore CVE-2020-5247 (bsc#1165402)
Changes in crowbar-ha:
- Update to version 5.0+git.1585316176.344190f:
* add ssl termination on haproxy (bsc#1149535)
Changes in crowbar-openstack:
- Update to version 5.0+git.1585304226.2164b7895:
* nova: Fix migration numbers (trivial)
- Update to version 5.0+git.1584692779.369c58aca:
* nova: Drop redundant disk_cachemodes (trivial)
* nova: Add option to disable ephemeral on ceph (SOC-11119)
* keystone: Register SES RadosGW endpoints (SOC-5270)
* heat: Increase heat_register syncmark timeout (SOC-11103)
* heat: Simplify domain registration code (SOC-11103)
* nova: Setup CEPH secrets later (SOC-11141)
* nova: Enable ephemeral volumes on SES (SOC-11119)
* glance: Set SES as default for new deployments (SOC-11118)
* cinder: Correctly show old internal backends (SOC-11117)
* nova: SES integration (SOC-11117)
* nova: Hound fixes (trivial)
* nova: Better error handling when Cephx auth is failing (noref)
* nova: delete libvirt secret snippet immediately (noref)
* nova: reduce nesting of ceph management code (noref)
* nova: Remove obsolete rbd/ceph attributes (trivial)
* cinder: SES integration (SOC-11117)
* cinder: Disable use_crowbar default (SOC-11117)
* glance: SES integration (SOC-11118)
Changes in documentation-suse-openstack-cloud:
- Update to version 8.20200319:
* Adding ses-integration docs to cloud 8 (noref)
* Fix bsc-1130532. Add feedback
* fix bsc-1130532
- Update to version 8.20200116:
* Fixing links from suse.com/doc to new URL (noref)
- Update to version 8.20200224:
* Designate: add instructions on using PowerDNS backend (SOC-11051)
* Designate: recommend deploying DNS in a cluster in HA deployment (SOC-10636)
* message to add non-admin node for public network (SOC-10658)
* update designate deployment (SOC-8739)
* add designate barclamp (SCRD-8739)
* remove Designate name server instruction (bsc#1125357,SCRD-7649)
- Update to version 8.20200130:
* Add instructions for lbaas v2 loadbalancers (SOC-10980) (#1253)
- Update to version 8.20191211:
* Specify that manila-share should be installed on the control node (SOC-10938) (#1230)
* Remove (commented) mention of phrases-decl.ent (trivial)
- Update to version 8.20191206:
* Clarify keyring chown instructions for Ceph (bsc#1111180)
* Clarify VSA/Ceph support in HOS 8 , SOC-10981 (bsc#144694)
- Update to version 8.20191205:
* Update incorrect Manila install/setup instructions (SOC-10975)
- Update to version 8.20191029:
* Supplement/UAdmin: Group guides on documentation.suse.com (trivial)
- Update to version 8.20191023:
* fix instructions for TLS certitificate renewal (SOC-10846)
- Update to version 8.20191002:
* Added missing edit (SOC-8480)
* Adding Carl's second round of edits (SOC-8480)
* Removing accidentally re-added guilabels (SOC-8480)
* Applying Carl's edits (SOC-8480)
* Optimizing PNGs (SOC-8480)
* Removing guilabel complaint (SOC-8480)
* Adding xi:include to commit (SOC-8480)
* Add SSLCA-SelfSigned cert info to SOC Crowbar documentation (SOC-8480)
* Add SSLCA-SelfSigned cert info to SOC Crowbar documentation (SOC-8480)
- Update to version 8.20190923:
* remove zvm references, only in SOC6 (noref)
- Update to version 8.20190920:
* remove workaround, leave description (bsc#1151206)
* add qos to neutron not supported (bsc#1151206)
- Update to version 8.20190829:
* add available clients, dedicated CLM (bsc#1148426)
* add tempest to service components, dedicated CLM (bsc#1148426)
- Update to version 8.20190823:
* Create CC-BY license file (noref)
* for MariaDB update, db cluster must be running, healthy (bsc#1132852)
- Update to version 8.20190820:
* Fix broken URLs (SOC-10109)
- Update to version 8.20190820:
* add requirement for dummy entries in servers.yml (bsc#1146206)
- Update to version 8.20190816:
* add workaround for partition image resize (bsc#1145498)
- Update to version 8.20190813:
* MANAGEMENT network group cannot be changed, is required (SOC-10106)
* remove NSX references from Crowbar deployment (SOC-10081)
Changes in memcached:
- version update to 1.5.17
* bugfixes
fix strncpy call in stats conns to avoid ASAN violation (bsc#1149110, CVE-2019-15026)
extstore: fix indentation
add error handling when calling dup function
add unlock when item_cachedump malloc failed
extstore: emulate pread(v) for macOS
fix off-by-one in logger to allow CAS commands to be logged.
use strdup for explicitly configured slab sizes
move mem_requested from slabs.c to items.c (internal cleanup)
* new features
add server address to the 'stats conns' output
log client connection id with fetchers and mutations
Add a handler for seccomp crashes
- version update to 1.5.16
* bugfixes
When nsuffix is 0 space for flags hasn't been allocated so don't memcpy them.
- version update to 1.5.15
* bugfixes
Speed up incr/decr by replacing snprintf.
Use correct buffer size for internal URI encoding.
change some links from http to https
Fix small memory leak in testapp.c.
free window_global in slab_automove_extstore.c
remove inline_ascii_response option
-Y [filename] for ascii authentication mode
fix: idle-timeout wasn't compatible with binprot
* features
-Y [authfile] enables an authentication mode for ASCII protocol.
- modified patches
% memcached-autofoo.patch (refreshed)
- version update to 1.5.14
* update -h output for -I (max item size)
* fix segfault in 'lru' command (bsc#1133817, CVE-2019-11596)
* fix compile error on centos7
* extstore: error adjusting page_size after ext_path
* extstore: fix segfault if page_count is too high.
* close delete + incr item survival race bug
* memcached-tool dump fix loss of exp value
* Fix 'qw' in 'MemcachedTest.pm' so wait_ext_flush is exported properly
* Experimental TLS support.
* Basic implementation of TLS for memcached.
* Improve Get And Touch documentation
* fix INCR/DECR refcount leak for invalid items
- modified patches
% memcached-autofoo.patch (refreshed)
- Version bump to 1.5.11:
* extstore: balance IO thread queues
- Drop memcached-fix_test.patch that is present now upstream
- Add patch to fix aarch64, ppc64* and s390x tests:
* memcached-fix_test.patch
- Fix linter errors regarding COPYING
- update to 1.5.10:
* disruptive change in extstore: -o ext_page_count= is deprecated
and no longer works. To specify size: -o ext_path=/d/m/e:500G
extstore figures out the page count based on your desired page
size. M|G|T|P supported.
* extstore: Add basic JBOD support: ext_path can be specified
multiple times for striping onto simimar devices
* fix alignment issues on some ARM platforms for chunked items
- Update to 1.5.9:
* Bugfix release.
* Important note: if using --enable-seccomp, privilege dropping
is no longer on by default. The feature is experimental and many
users are reporting hard to diagnose problems on varied platforms.
* Seccomp is now marked EXPERIMENTAL, and must be explicitly
enabled by adding -o drop_privileges. Once we're more confident
with the usability of the feature, it will be enabled in -o modern,
like any other new change. You should only use it if you are
willing to carefully test it, especially if you're a vendor or
distribution.
* Also important is a crash fix in extstore when using the ASCII
protocol, large items, and running low on memory.
- update to 1.5.8:
* Bugfixes for seccomp and extstore
* Extstore platform portability has been greatly improved for ARM
and 32bit systems
- includes changes from 1.5.7:
* Fix alignment issues for 64bit ARM processors
* Fix seccomp portability
* Fix refcount leak with extstore while using binary touch commands
- turn on the testsuite again, it seems to pass server side,
too
- Home directory shouldn't be world readable bsc#1077718
- Mention that this stream isn't affected by bsc#1085209,
CVE-2018-1000127 to make the checker bots happy.
Changes in openstack-manila:
- Update to version manila-5.1.1.dev5:
* Fix manila-tempest-minimal-dsvm-lvm-centos-7 job
* share\_networks: enable project\_only API only
Changes in openstack-manila:
- Rebased patches:
+ cve-2020-9543-stable-pike.patch dropped (merged upstream)
- Update to version manila-5.1.1.dev5:
* Fix manila-tempest-minimal-dsvm-lvm-centos-7 job
* share\_networks: enable project\_only API only
Changes in openstack-neutron:
- Update to version neutron-11.0.9.dev63:
* ovs agent: signal to plugin if tunnel refresh needed
* Do not initialize snat-ns twice
Changes in openstack-neutron:
- Update to version neutron-11.0.9.dev63:
* ovs agent: signal to plugin if tunnel refresh needed
* Do not initialize snat-ns twice
Changes in openstack-nova:
- Update to version nova-16.1.9.dev61:
* Avoid circular reference during serialization
* Mask the token used to allow access to consoles
* Improve metadata server performance with large security groups
* Remove exp legacy-tempest-dsvm-full-devstack-plugin-nfs
- Update to version nova-16.1.9.dev54:
* pike-only: remove broken non-voting ceph jobs
* nova-live-migration: Wait for n-cpu services to come up after configuring Ceph
* rt: only map compute node if we created it
Changes in openstack-nova:
- Update to version nova-16.1.9.dev61:
* Avoid circular reference during serialization
* Mask the token used to allow access to consoles
* Improve metadata server performance with large security groups
* Remove exp legacy-tempest-dsvm-full-devstack-plugin-nfs
- Update to version nova-16.1.9.dev54:
* pike-only: remove broken non-voting ceph jobs
* nova-live-migration: Wait for n-cpu services to come up after configuring Ceph
* rt: only map compute node if we created it
Changes in pdns:
- Add missing 'BuildRequires: libmysqlclient-devel' to allow
the package to build correctly.
- CVE-2019-3871-auth-4.1.6.patch: fixes insufficient validation in
HTTP remote backend (bsc#1129734, CVE-2019-3871)
- CVE-2018-10851-auth-4.1.4.patch: fixes DoS via crafted zone record
(bnc#1114157, CVE-2018-10851)
- CVE-2018-14626-auth-4.1.4.patch: fixes an issue allowing a
remote user to craft a DNS query that will cause an answer without
DNSSEC records to be inserted into the packet cache and be
returned to clients asking for DNSSEC records, thus hiding
the presence of DNSSEC signatures leading to a potential DoS
(bsc#1114169, CVE-2018-14626)
Changes in python-amqp:
- Make it build for SLE12SP3:
- remove pytest-sugar build dependency
- used %doc macro instead of %license
- Removed patches that are already included in 2.4.2
- 0002-Do_not_send_AAAA_DNS_request_when_domain_resolved_to_IPv4_address.patch (SOC-9144)
- 0001-Always-treat-SSLError-timeouts-as-socket-timeouts-24.patch (bsc#1115904)
- Update to 2.4.2:
- Added support for the Cygwin platform
- Correct offset incrementation when parsing bitmaps.
- Consequent bitmaps are now parsed correctly.
- Better call of py.test
- Add versions to dependencies
- Remove python-sasl from build dependencies
- Update to version 2.4.1
* To avoid breaking the API basic_consume() now returns the consumer tag
instead of a tuple when nowait is True.
* Fix crash in basic_publish when broker does not support connection.blocked
capability.
* read_frame() is now Python 3 compatible for large payloads.
* Support float read_timeout/write_timeout.
* Always treat SSLError timeouts as socket timeouts.
* Treat EWOULDBLOCK as timeout.
- from 2.4.0
* Fix inconsistent frame_handler return value.
The function returned by frame_handler is meant to return True
once the complete message is received and the callback is called,
False otherwise.
This fixes the return value for messages with a body split across
multiple frames, and heartbeat frames.
* Don't default content_encoding to utf-8 for bytes.
This is not an acceptable default as the content may not be
valid utf-8, and even if it is, the producer likely does not
expect the message to be decoded by the consumer.
* Fix encoding of messages with multibyte characters.
Body length was previously calculated using string length,
which may be less than the length of the encoded body when
it contains multibyte sequences. This caused the body of
the frame to be truncated.
* Respect content_encoding when encoding messages.
Previously the content_encoding was ignored and messages
were always encoded as utf-8. This caused messages to be
incorrectly decoded if content_encoding is properly respected
when decoding.
* Fix AMQP protocol header for AMQP 0-9-1.
Previously it was set to a different value for unknown reasons.
* Add support for Python 3.7.
Change direct SSLSocket instantiation with wrap_socket.
* Add support for field type 'x' (byte array).
* If there is an exception raised on Connection.connect or
Connection.close, ensure that the underlying transport socket
is closed. Adjust exception message on connection errors as well.
* TCP_USER_TIMEOUT has to be excluded from KNOWN_TCP_OPTS in BSD platforms.
* Handle negative acknowledgments.
* Added integration tests.
* Fix basic_consume() with no consumer_tag provided.
* Improved empty AMQPError string representation.
* Drain events before publish.
This is needed to capture out of memory messages for clients that only
publish. Otherwise on_blocked is never called.
* Don't revive channel when connection is closing.
When connection is closing don't raise error when Channel.Close
method is received.
Changes in zookeeper:
- Apply 0002-Apply-patch-to-resolve-CVE-2019-0201.patch
This applies the patch for ZOOKEEPER-1392 to resolve CVE-2019-0201
Should not allow to read ACL when not authorized to read node
(bsc#1135773)
- Various cleanups in spec file
- Fixed off-by-one in zkCleanTRX.sh and made output more useful (bsc#1048688, FATE#323204)
- Fixed ExecStartPre statment in service file
- added zkCleanTRX.sh to clean up 0 length transaction logs
- Update to to zookeeper-3.4.10 (bsc#1040519)
* Fixes CVE-2017-5637
- Remove Changes.txt (missing as of 3.4.10)
Patchnames
HPE-Helion-OpenStack-8-2020-1066,SUSE-2020-1066,SUSE-OpenStack-Cloud-8-2020-1066,SUSE-OpenStack-Cloud-Crowbar-8-2020-1066
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for ardana-ansible, ardana-barbican, ardana-db, ardana-monasca, ardana-mq, ardana-neutron, ardana-octavia, ardana-tempest, crowbar-core, crowbar-ha, crowbar-openstack, documentation-suse-openstack-cloud, memcached, openstack-manila, openstack-neutron, openstack-nova, pdns, python-amqp, rubygem-puma, zookeeper", title: "Title of the patch", }, { category: "description", text: "This update for ardana-ansible, ardana-barbican, ardana-db, ardana-monasca, ardana-mq, ardana-neutron, ardana-octavia, ardana-tempest, crowbar-core, crowbar-ha, crowbar-openstack, documentation-suse-openstack-cloud, memcached, openstack-manila, openstack-neutron, openstack-nova, pdns, python-amqp, rubygem-puma, zookeeper contains the following fixes:\n\nSecurity fix for rubygem-puma:\n- CVE-2020-5247: Fixed an issue where the newlines in headers according to Rack spec were not split (bsc#1165402)\n\nSecurity fix for openstack-manila:\n\n- CVE-2020-9543: Fixed an issue where an attacker could view, update, delete, or share resources that do not\n\nSecurity fixes for memcached:\n\n- CVE-2019-15026: Fixed a stack-based buffer over-read in conn_to_str() in memcached.c (bsc#1149110).\n- CVE-2019-11596: Fixed NULL pointer dereference in process_lru_command() in memcached.c (bsc#1133817).\n\nSecurity fixes for pdns:\n\n- CVE-2019-3871: Fixed a denial of service with the HTTP remote backend when the attacker can send crafted DNS queries (bsc#1129734).\n- CVE-2018-10851: Fixed a denial of service via crafted zone record (bnc#1114157).\n- CVE-2018-14626: Fixed a denial of service by hiding DNSSEC records using a crafted DNS query (bsc#1114169).\n\nSecurity fixes for zookeeper:\n\n- CVE-2019-0201: Fixed an information disclosure in the ACL handling (bsc#1135773).\n- CVE-2017-5637: Fixed incorrect input validation with wchp/wchc four letter words (bsc#1040519).\n\nChanges in ardana-ansible:\n- Update to version 8.0+git.1583432621.24fa60e:\n * Upgrade pre-checks in Cloud 8 and Cloud 9 (SOC-10300)\n\nChanges in ardana-barbican:\n- Update to version 8.0+git.1585152761.8ef3d61:\n * monitor ardana-node-cert (SOC-10873)\n\nChanges in ardana-db:\n- Update to version 8.0+git.1583944923.03cca6c:\n * monitor MySQL TLS certificate (SOC-10873)\n\nChanges in ardana-monasca:\n- Update to version 8.0+git.1583944894.38f023a:\n * Add certificate file check alarm (SOC-10873)\n\nChanges in ardana-mq:\n- Update to version 8.0+git.1583944811.dc14403:\n * monitor RabbitMQ TLS certificate (SOC-10873)\n\nChanges in ardana-neutron:\n- Update to version 8.0+git.1584715262.e4ea620:\n * Add symlink for neutron-fwaas.json.j2 (bsc#1166290)\n\nChanges in ardana-octavia:\n- Update to version 8.0+git.1585171918.418f5cf:\n * Reconfigure monitor if needed (SOC-10873)\n\n- Update to version 8.0+git.1585168661.135c735:\n * fix Octavia client cert redeploy (SOC-10873)\n\n- Update to version 8.0+git.1585152502.f15907a:\n * monitor Octavia client certificate (SOC-10873)\n\nChanges in ardana-tempest:\n- Update to version 8.0+git.1585311051.6ab5488:\n * Enable port-security feature in tempest(SOC-11027)\n\nChanges in crowbar-core:\n- Update to version 5.0+git.1585575551.16781d00d:\n * upgrade: Point to config dir instead of config file (SOC-11171)\n * upgrade: Do not call neutron-evacuate-lbaasv2-agent with use_crm (SOC-11171)\n\n- Update to version 5.0+git.1585316726.670746c8c:\n * upgrade: Fix systemd unit listing (trivial)\n\n- Update to version 5.0+git.1585213241.46f12f9be:\n * upgrade: Remove the assignement of crowbar-upgrade role (SOC-11166)\n\n- Update to version 5.0+git.1585118470.eed9020de:\n * Update the default value of OS version (trivial)\n * Ignore CVE-2020-5267 in CI (bsc#1167240)\n * Ignore CVE-2020-10663 in CI (bsc#1167244)\n\n- Update to version 5.0+git.1583911121.d6b4b4b1a:\n * ses: Make SES UI safe for unknown options (trivial)\n * ses: Use cinder user for nova (SOC-11119)\n * ses: Added helper for populating cinder volumes (SOC-11117)\n * ses: Add ses cookbook (SOC-11114)\n * ses: Configuration upload (SOC-11115)\n\n- Update to version 5.0+git.1583309007.e3a8b81e9:\n * Ignore CVE-2020-8130 in CI (bsc#1164804)\n * Ignore CVE-2020-5247 (bsc#1165402)\n\nChanges in crowbar-ha:\n- Update to version 5.0+git.1585316176.344190f:\n * add ssl termination on haproxy (bsc#1149535)\n\nChanges in crowbar-openstack:\n- Update to version 5.0+git.1585304226.2164b7895:\n * nova: Fix migration numbers (trivial)\n\n- Update to version 5.0+git.1584692779.369c58aca:\n * nova: Drop redundant disk_cachemodes (trivial)\n * nova: Add option to disable ephemeral on ceph (SOC-11119)\n * keystone: Register SES RadosGW endpoints (SOC-5270)\n * heat: Increase heat_register syncmark timeout (SOC-11103)\n * heat: Simplify domain registration code (SOC-11103)\n * nova: Setup CEPH secrets later (SOC-11141)\n * nova: Enable ephemeral volumes on SES (SOC-11119)\n * glance: Set SES as default for new deployments (SOC-11118)\n * cinder: Correctly show old internal backends (SOC-11117)\n * nova: SES integration (SOC-11117)\n * nova: Hound fixes (trivial)\n * nova: Better error handling when Cephx auth is failing (noref)\n * nova: delete libvirt secret snippet immediately (noref)\n * nova: reduce nesting of ceph management code (noref)\n * nova: Remove obsolete rbd/ceph attributes (trivial)\n * cinder: SES integration (SOC-11117)\n * cinder: Disable use_crowbar default (SOC-11117)\n * glance: SES integration (SOC-11118)\n\nChanges in documentation-suse-openstack-cloud:\n- Update to version 8.20200319:\n * Adding ses-integration docs to cloud 8 (noref)\n * Fix bsc-1130532. Add feedback\n * fix bsc-1130532\n\n- Update to version 8.20200116:\n * Fixing links from suse.com/doc to new URL (noref)\n\n- Update to version 8.20200224:\n * Designate: add instructions on using PowerDNS backend (SOC-11051)\n * Designate: recommend deploying DNS in a cluster in HA deployment (SOC-10636)\n * message to add non-admin node for public network (SOC-10658)\n * update designate deployment (SOC-8739)\n * add designate barclamp (SCRD-8739)\n * remove Designate name server instruction (bsc#1125357,SCRD-7649)\n\n- Update to version 8.20200130:\n * Add instructions for lbaas v2 loadbalancers (SOC-10980) (#1253)\n\n- Update to version 8.20191211:\n * Specify that manila-share should be installed on the control node (SOC-10938) (#1230)\n * Remove (commented) mention of phrases-decl.ent (trivial)\n\n- Update to version 8.20191206:\n * Clarify keyring chown instructions for Ceph (bsc#1111180)\n * Clarify VSA/Ceph support in HOS 8 , SOC-10981 (bsc#144694)\n\n- Update to version 8.20191205:\n * Update incorrect Manila install/setup instructions (SOC-10975)\n\n- Update to version 8.20191029:\n * Supplement/UAdmin: Group guides on documentation.suse.com (trivial)\n\n- Update to version 8.20191023:\n * fix instructions for TLS certitificate renewal (SOC-10846)\n\n- Update to version 8.20191002:\n * Added missing edit (SOC-8480)\n * Adding Carl's second round of edits (SOC-8480)\n * Removing accidentally re-added guilabels (SOC-8480)\n * Applying Carl's edits (SOC-8480)\n * Optimizing PNGs (SOC-8480)\n * Removing guilabel complaint (SOC-8480)\n * Adding xi:include to commit (SOC-8480)\n * Add SSLCA-SelfSigned cert info to SOC Crowbar documentation (SOC-8480)\n * Add SSLCA-SelfSigned cert info to SOC Crowbar documentation (SOC-8480)\n\n- Update to version 8.20190923:\n * remove zvm references, only in SOC6 (noref)\n\n- Update to version 8.20190920:\n * remove workaround, leave description (bsc#1151206)\n * add qos to neutron not supported (bsc#1151206)\n\n- Update to version 8.20190829:\n * add available clients, dedicated CLM (bsc#1148426)\n * add tempest to service components, dedicated CLM (bsc#1148426)\n\n- Update to version 8.20190823:\n * Create CC-BY license file (noref)\n * for MariaDB update, db cluster must be running, healthy (bsc#1132852)\n\n- Update to version 8.20190820:\n * Fix broken URLs (SOC-10109)\n\n- Update to version 8.20190820:\n * add requirement for dummy entries in servers.yml (bsc#1146206)\n\n- Update to version 8.20190816:\n * add workaround for partition image resize (bsc#1145498)\n\n- Update to version 8.20190813:\n * MANAGEMENT network group cannot be changed, is required (SOC-10106)\n * remove NSX references from Crowbar deployment (SOC-10081)\n\nChanges in memcached:\n- version update to 1.5.17\n * bugfixes\n fix strncpy call in stats conns to avoid ASAN violation (bsc#1149110, CVE-2019-15026)\n extstore: fix indentation\n add error handling when calling dup function\n add unlock when item_cachedump malloc failed\n extstore: emulate pread(v) for macOS\n fix off-by-one in logger to allow CAS commands to be logged.\n use strdup for explicitly configured slab sizes\n move mem_requested from slabs.c to items.c (internal cleanup)\n * new features\n add server address to the 'stats conns' output\n log client connection id with fetchers and mutations\n Add a handler for seccomp crashes\n- version update to 1.5.16\n * bugfixes\n When nsuffix is 0 space for flags hasn't been allocated so don't memcpy them.\n- version update to 1.5.15\n * bugfixes\n Speed up incr/decr by replacing snprintf.\n Use correct buffer size for internal URI encoding.\n change some links from http to https\n Fix small memory leak in testapp.c.\n free window_global in slab_automove_extstore.c\n remove inline_ascii_response option\n -Y [filename] for ascii authentication mode\n fix: idle-timeout wasn't compatible with binprot\n * features\n -Y [authfile] enables an authentication mode for ASCII protocol.\n- modified patches\n % memcached-autofoo.patch (refreshed)\n\n- version update to 1.5.14\n * update -h output for -I (max item size)\n * fix segfault in 'lru' command (bsc#1133817, CVE-2019-11596)\n * fix compile error on centos7\n * extstore: error adjusting page_size after ext_path\n * extstore: fix segfault if page_count is too high.\n * close delete + incr item survival race bug\n * memcached-tool dump fix loss of exp value\n * Fix 'qw' in 'MemcachedTest.pm' so wait_ext_flush is exported properly\n * Experimental TLS support.\n * Basic implementation of TLS for memcached.\n * Improve Get And Touch documentation\n * fix INCR/DECR refcount leak for invalid items\n- modified patches\n % memcached-autofoo.patch (refreshed)\n\n- Version bump to 1.5.11:\n * extstore: balance IO thread queues\n- Drop memcached-fix_test.patch that is present now upstream\n\n- Add patch to fix aarch64, ppc64* and s390x tests:\n * memcached-fix_test.patch\n\n- Fix linter errors regarding COPYING\n\n- update to 1.5.10:\n * disruptive change in extstore: -o ext_page_count= is deprecated\n and no longer works. To specify size: -o ext_path=/d/m/e:500G\n extstore figures out the page count based on your desired page\n size. M|G|T|P supported.\n * extstore: Add basic JBOD support: ext_path can be specified\n multiple times for striping onto simimar devices\n * fix alignment issues on some ARM platforms for chunked items\n\n- Update to 1.5.9:\n * Bugfix release.\n * Important note: if using --enable-seccomp, privilege dropping\n is no longer on by default. The feature is experimental and many\n users are reporting hard to diagnose problems on varied platforms.\n * Seccomp is now marked EXPERIMENTAL, and must be explicitly\n enabled by adding -o drop_privileges. Once we're more confident\n with the usability of the feature, it will be enabled in -o modern,\n like any other new change. You should only use it if you are\n willing to carefully test it, especially if you're a vendor or\n distribution.\n * Also important is a crash fix in extstore when using the ASCII\n protocol, large items, and running low on memory.\n\n- update to 1.5.8:\n * Bugfixes for seccomp and extstore\n * Extstore platform portability has been greatly improved for ARM\n and 32bit systems\n- includes changes from 1.5.7:\n * Fix alignment issues for 64bit ARM processors\n * Fix seccomp portability\n * Fix refcount leak with extstore while using binary touch commands\n\n- turn on the testsuite again, it seems to pass server side,\n too\n\n- Home directory shouldn't be world readable bsc#1077718\n- Mention that this stream isn't affected by bsc#1085209,\n CVE-2018-1000127 to make the checker bots happy.\n\nChanges in openstack-manila:\n- Update to version manila-5.1.1.dev5:\n * Fix manila-tempest-minimal-dsvm-lvm-centos-7 job\n * share\\_networks: enable project\\_only API only\n\nChanges in openstack-manila:\n- Rebased patches:\n + cve-2020-9543-stable-pike.patch dropped (merged upstream)\n\n- Update to version manila-5.1.1.dev5:\n * Fix manila-tempest-minimal-dsvm-lvm-centos-7 job\n * share\\_networks: enable project\\_only API only\n\nChanges in openstack-neutron:\n- Update to version neutron-11.0.9.dev63:\n * ovs agent: signal to plugin if tunnel refresh needed\n * Do not initialize snat-ns twice\n\nChanges in openstack-neutron:\n- Update to version neutron-11.0.9.dev63:\n * ovs agent: signal to plugin if tunnel refresh needed\n * Do not initialize snat-ns twice\n\nChanges in openstack-nova:\n- Update to version nova-16.1.9.dev61:\n * Avoid circular reference during serialization\n * Mask the token used to allow access to consoles\n * Improve metadata server performance with large security groups\n * Remove exp legacy-tempest-dsvm-full-devstack-plugin-nfs\n\n- Update to version nova-16.1.9.dev54:\n * pike-only: remove broken non-voting ceph jobs\n * nova-live-migration: Wait for n-cpu services to come up after configuring Ceph\n * rt: only map compute node if we created it\n\nChanges in openstack-nova:\n- Update to version nova-16.1.9.dev61:\n * Avoid circular reference during serialization\n * Mask the token used to allow access to consoles\n * Improve metadata server performance with large security groups\n * Remove exp legacy-tempest-dsvm-full-devstack-plugin-nfs\n\n- Update to version nova-16.1.9.dev54:\n * pike-only: remove broken non-voting ceph jobs\n * nova-live-migration: Wait for n-cpu services to come up after configuring Ceph\n * rt: only map compute node if we created it\n\nChanges in pdns:\n- Add missing 'BuildRequires: libmysqlclient-devel' to allow\n the package to build correctly.\n\n- CVE-2019-3871-auth-4.1.6.patch: fixes insufficient validation in\n HTTP remote backend (bsc#1129734, CVE-2019-3871)\n\n- CVE-2018-10851-auth-4.1.4.patch: fixes DoS via crafted zone record\n (bnc#1114157, CVE-2018-10851)\n- CVE-2018-14626-auth-4.1.4.patch: fixes an issue allowing a\n remote user to craft a DNS query that will cause an answer without\n DNSSEC records to be inserted into the packet cache and be\n returned to clients asking for DNSSEC records, thus hiding\n the presence of DNSSEC signatures leading to a potential DoS\n (bsc#1114169, CVE-2018-14626)\n\nChanges in python-amqp:\n- Make it build for SLE12SP3:\n - remove pytest-sugar build dependency\n - used %doc macro instead of %license\n- Removed patches that are already included in 2.4.2\n - 0002-Do_not_send_AAAA_DNS_request_when_domain_resolved_to_IPv4_address.patch (SOC-9144)\n - 0001-Always-treat-SSLError-timeouts-as-socket-timeouts-24.patch (bsc#1115904)\n- Update to 2.4.2:\n - Added support for the Cygwin platform\n - Correct offset incrementation when parsing bitmaps.\n - Consequent bitmaps are now parsed correctly.\n- Better call of py.test\n- Add versions to dependencies\n- Remove python-sasl from build dependencies\n- Update to version 2.4.1\n * To avoid breaking the API basic_consume() now returns the consumer tag\n instead of a tuple when nowait is True.\n * Fix crash in basic_publish when broker does not support connection.blocked\n capability.\n * read_frame() is now Python 3 compatible for large payloads.\n * Support float read_timeout/write_timeout.\n * Always treat SSLError timeouts as socket timeouts.\n * Treat EWOULDBLOCK as timeout.\n- from 2.4.0\n * Fix inconsistent frame_handler return value.\n The function returned by frame_handler is meant to return True\n once the complete message is received and the callback is called,\n False otherwise.\n This fixes the return value for messages with a body split across\n multiple frames, and heartbeat frames.\n * Don't default content_encoding to utf-8 for bytes.\n This is not an acceptable default as the content may not be\n valid utf-8, and even if it is, the producer likely does not\n expect the message to be decoded by the consumer.\n * Fix encoding of messages with multibyte characters.\n Body length was previously calculated using string length,\n which may be less than the length of the encoded body when\n it contains multibyte sequences. This caused the body of\n the frame to be truncated.\n * Respect content_encoding when encoding messages.\n Previously the content_encoding was ignored and messages\n were always encoded as utf-8. This caused messages to be\n incorrectly decoded if content_encoding is properly respected\n when decoding.\n * Fix AMQP protocol header for AMQP 0-9-1.\n Previously it was set to a different value for unknown reasons.\n * Add support for Python 3.7.\n Change direct SSLSocket instantiation with wrap_socket.\n * Add support for field type 'x' (byte array).\n * If there is an exception raised on Connection.connect or\n Connection.close, ensure that the underlying transport socket\n is closed. Adjust exception message on connection errors as well.\n * TCP_USER_TIMEOUT has to be excluded from KNOWN_TCP_OPTS in BSD platforms.\n * Handle negative acknowledgments.\n * Added integration tests.\n * Fix basic_consume() with no consumer_tag provided.\n * Improved empty AMQPError string representation.\n * Drain events before publish.\n This is needed to capture out of memory messages for clients that only\n publish. Otherwise on_blocked is never called.\n * Don't revive channel when connection is closing.\n When connection is closing don't raise error when Channel.Close\n method is received.\n\nChanges in zookeeper:\n- Apply 0002-Apply-patch-to-resolve-CVE-2019-0201.patch\n This applies the patch for ZOOKEEPER-1392 to resolve CVE-2019-0201\n Should not allow to read ACL when not authorized to read node \n (bsc#1135773)\n\n- Various cleanups in spec file\n\n- Fixed off-by-one in zkCleanTRX.sh and made output more useful (bsc#1048688, FATE#323204)\n\n- Fixed ExecStartPre statment in service file\n\n- added zkCleanTRX.sh to clean up 0 length transaction logs\n\n- Update to to zookeeper-3.4.10 (bsc#1040519)\n * Fixes CVE-2017-5637\n- Remove Changes.txt (missing as of 3.4.10)\n\n", title: "Description of the patch", }, { category: "details", text: "HPE-Helion-OpenStack-8-2020-1066,SUSE-2020-1066,SUSE-OpenStack-Cloud-8-2020-1066,SUSE-OpenStack-Cloud-Crowbar-8-2020-1066", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_1066-1.json", }, { category: "self", summary: "URL for SUSE-SU-2020:1066-1", url: "https://www.suse.com/support/update/announcement/2020/suse-su-20201066-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2020:1066-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2020-April/006723.html", }, { category: "self", summary: "SUSE Bug 1040519", url: "https://bugzilla.suse.com/1040519", }, { category: "self", summary: "SUSE Bug 1048688", url: "https://bugzilla.suse.com/1048688", }, { category: "self", summary: "SUSE Bug 1077718", url: "https://bugzilla.suse.com/1077718", }, { category: "self", summary: "SUSE Bug 1111180", url: "https://bugzilla.suse.com/1111180", }, { category: "self", summary: "SUSE Bug 1114157", url: "https://bugzilla.suse.com/1114157", }, { category: "self", summary: "SUSE Bug 1114169", url: "https://bugzilla.suse.com/1114169", }, { category: "self", summary: "SUSE Bug 1115904", url: "https://bugzilla.suse.com/1115904", }, { category: "self", summary: "SUSE Bug 1125357", url: "https://bugzilla.suse.com/1125357", }, { category: "self", summary: "SUSE Bug 1129734", url: "https://bugzilla.suse.com/1129734", }, { category: "self", summary: "SUSE Bug 1132852", url: "https://bugzilla.suse.com/1132852", }, { category: "self", summary: "SUSE Bug 1133817", url: "https://bugzilla.suse.com/1133817", }, { category: "self", summary: "SUSE Bug 1135773", url: "https://bugzilla.suse.com/1135773", }, { category: "self", summary: "SUSE Bug 1145498", url: "https://bugzilla.suse.com/1145498", }, { category: "self", summary: "SUSE Bug 1146206", url: "https://bugzilla.suse.com/1146206", }, { category: "self", summary: "SUSE Bug 1148426", url: "https://bugzilla.suse.com/1148426", }, { category: "self", summary: "SUSE Bug 1149110", url: "https://bugzilla.suse.com/1149110", }, { category: "self", summary: "SUSE Bug 1149535", url: "https://bugzilla.suse.com/1149535", }, { category: "self", summary: "SUSE Bug 1151206", url: "https://bugzilla.suse.com/1151206", }, { category: "self", summary: "SUSE Bug 1165402", url: "https://bugzilla.suse.com/1165402", }, { category: "self", summary: "SUSE Bug 1165643", url: "https://bugzilla.suse.com/1165643", }, { category: "self", summary: "SUSE Bug 1166290", url: "https://bugzilla.suse.com/1166290", }, { category: "self", summary: "SUSE Bug 1167240", url: "https://bugzilla.suse.com/1167240", }, { category: "self", summary: "SUSE Bug 144694", url: "https://bugzilla.suse.com/144694", }, { category: "self", summary: "SUSE CVE CVE-2017-5637 page", url: "https://www.suse.com/security/cve/CVE-2017-5637/", }, { category: "self", summary: "SUSE CVE CVE-2018-10851 page", url: "https://www.suse.com/security/cve/CVE-2018-10851/", }, { category: "self", summary: "SUSE CVE CVE-2018-14626 page", url: "https://www.suse.com/security/cve/CVE-2018-14626/", }, { category: "self", summary: "SUSE CVE CVE-2019-0201 page", url: "https://www.suse.com/security/cve/CVE-2019-0201/", }, { category: "self", summary: "SUSE CVE CVE-2019-11596 page", url: "https://www.suse.com/security/cve/CVE-2019-11596/", }, { category: "self", summary: "SUSE CVE CVE-2019-15026 page", url: "https://www.suse.com/security/cve/CVE-2019-15026/", }, { category: "self", summary: "SUSE CVE CVE-2019-3871 page", url: "https://www.suse.com/security/cve/CVE-2019-3871/", }, { category: "self", summary: "SUSE CVE CVE-2020-5247 page", url: "https://www.suse.com/security/cve/CVE-2020-5247/", }, { category: "self", summary: "SUSE CVE CVE-2020-9543 page", url: "https://www.suse.com/security/cve/CVE-2020-9543/", }, ], title: "Security update for ardana-ansible, ardana-barbican, ardana-db, ardana-monasca, ardana-mq, ardana-neutron, ardana-octavia, ardana-tempest, crowbar-core, crowbar-ha, crowbar-openstack, documentation-suse-openstack-cloud, memcached, openstack-manila, openstack-neutron, openstack-nova, pdns, python-amqp, rubygem-puma, zookeeper", tracking: { current_release_date: "2020-04-22T12:41:50Z", generator: { date: "2020-04-22T12:41:50Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2020:1066-1", initial_release_date: "2020-04-22T12:41:50Z", revision_history: [ { date: "2020-04-22T12:41:50Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "crowbar-core-5.0+git.1585575551.16781d00d-3.38.1.aarch64", product: { name: "crowbar-core-5.0+git.1585575551.16781d00d-3.38.1.aarch64", product_id: "crowbar-core-5.0+git.1585575551.16781d00d-3.38.1.aarch64", }, }, { category: "product_version", name: "crowbar-core-branding-upstream-5.0+git.1585575551.16781d00d-3.38.1.aarch64", product: { name: "crowbar-core-branding-upstream-5.0+git.1585575551.16781d00d-3.38.1.aarch64", product_id: "crowbar-core-branding-upstream-5.0+git.1585575551.16781d00d-3.38.1.aarch64", }, }, { category: "product_version", name: "crowbar-core-devel-5.0+git.1585575551.16781d00d-3.38.1.aarch64", product: { name: "crowbar-core-devel-5.0+git.1585575551.16781d00d-3.38.1.aarch64", product_id: "crowbar-core-devel-5.0+git.1585575551.16781d00d-3.38.1.aarch64", }, }, { category: "product_version", name: "libzookeeper2-3.4.10-3.6.1.aarch64", product: { name: "libzookeeper2-3.4.10-3.6.1.aarch64", product_id: "libzookeeper2-3.4.10-3.6.1.aarch64", }, }, { category: "product_version", name: "libzookeeper2-devel-3.4.10-3.6.1.aarch64", product: { name: "libzookeeper2-devel-3.4.10-3.6.1.aarch64", product_id: "libzookeeper2-devel-3.4.10-3.6.1.aarch64", }, }, { category: "product_version", name: "memcached-1.5.17-3.3.1.aarch64", product: { name: "memcached-1.5.17-3.3.1.aarch64", product_id: "memcached-1.5.17-3.3.1.aarch64", }, }, { category: "product_version", name: "memcached-devel-1.5.17-3.3.1.aarch64", product: { name: "memcached-devel-1.5.17-3.3.1.aarch64", product_id: "memcached-devel-1.5.17-3.3.1.aarch64", }, }, { category: "product_version", name: "pdns-4.1.2-3.6.1.aarch64", product: { name: "pdns-4.1.2-3.6.1.aarch64", product_id: "pdns-4.1.2-3.6.1.aarch64", }, }, { category: "product_version", name: "pdns-backend-godbc-4.1.2-3.6.1.aarch64", product: { name: "pdns-backend-godbc-4.1.2-3.6.1.aarch64", product_id: "pdns-backend-godbc-4.1.2-3.6.1.aarch64", }, }, { category: "product_version", name: "pdns-backend-ldap-4.1.2-3.6.1.aarch64", product: { name: "pdns-backend-ldap-4.1.2-3.6.1.aarch64", product_id: "pdns-backend-ldap-4.1.2-3.6.1.aarch64", }, }, { category: "product_version", name: "pdns-backend-lua-4.1.2-3.6.1.aarch64", product: { name: "pdns-backend-lua-4.1.2-3.6.1.aarch64", product_id: "pdns-backend-lua-4.1.2-3.6.1.aarch64", }, }, { category: "product_version", name: "pdns-backend-mydns-4.1.2-3.6.1.aarch64", product: { name: "pdns-backend-mydns-4.1.2-3.6.1.aarch64", product_id: "pdns-backend-mydns-4.1.2-3.6.1.aarch64", }, }, { category: "product_version", name: "pdns-backend-mysql-4.1.2-3.6.1.aarch64", product: { name: "pdns-backend-mysql-4.1.2-3.6.1.aarch64", product_id: "pdns-backend-mysql-4.1.2-3.6.1.aarch64", }, }, { category: "product_version", name: "pdns-backend-postgresql-4.1.2-3.6.1.aarch64", product: { name: "pdns-backend-postgresql-4.1.2-3.6.1.aarch64", product_id: "pdns-backend-postgresql-4.1.2-3.6.1.aarch64", }, }, { category: "product_version", name: "pdns-backend-remote-4.1.2-3.6.1.aarch64", product: { name: "pdns-backend-remote-4.1.2-3.6.1.aarch64", product_id: "pdns-backend-remote-4.1.2-3.6.1.aarch64", }, }, { category: "product_version", name: "pdns-backend-sqlite3-4.1.2-3.6.1.aarch64", product: { name: "pdns-backend-sqlite3-4.1.2-3.6.1.aarch64", product_id: "pdns-backend-sqlite3-4.1.2-3.6.1.aarch64", }, }, { category: "product_version", name: "ruby2.1-rubygem-puma-2.16.0-3.6.1.aarch64", product: { name: "ruby2.1-rubygem-puma-2.16.0-3.6.1.aarch64", product_id: "ruby2.1-rubygem-puma-2.16.0-3.6.1.aarch64", }, }, { category: "product_version", name: "ruby2.1-rubygem-puma-doc-2.16.0-3.6.1.aarch64", product: { name: "ruby2.1-rubygem-puma-doc-2.16.0-3.6.1.aarch64", product_id: "ruby2.1-rubygem-puma-doc-2.16.0-3.6.1.aarch64", }, }, { category: "product_version", name: "zookeeper-client-3.4.10-3.6.1.aarch64", product: { name: "zookeeper-client-3.4.10-3.6.1.aarch64", product_id: "zookeeper-client-3.4.10-3.6.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "ardana-ansible-8.0+git.1583432621.24fa60e-3.70.1.noarch", product: { name: "ardana-ansible-8.0+git.1583432621.24fa60e-3.70.1.noarch", product_id: "ardana-ansible-8.0+git.1583432621.24fa60e-3.70.1.noarch", }, }, { category: "product_version", name: "ardana-barbican-8.0+git.1585152761.8ef3d61-4.33.1.noarch", product: { name: "ardana-barbican-8.0+git.1585152761.8ef3d61-4.33.1.noarch", product_id: "ardana-barbican-8.0+git.1585152761.8ef3d61-4.33.1.noarch", }, }, { category: "product_version", name: "ardana-db-8.0+git.1583944923.03cca6c-3.31.1.noarch", product: { name: "ardana-db-8.0+git.1583944923.03cca6c-3.31.1.noarch", product_id: "ardana-db-8.0+git.1583944923.03cca6c-3.31.1.noarch", }, }, { category: "product_version", name: "ardana-monasca-8.0+git.1583944894.38f023a-3.24.1.noarch", product: { name: "ardana-monasca-8.0+git.1583944894.38f023a-3.24.1.noarch", product_id: "ardana-monasca-8.0+git.1583944894.38f023a-3.24.1.noarch", }, }, { category: "product_version", name: "ardana-mq-8.0+git.1583944811.dc14403-3.19.1.noarch", product: { name: "ardana-mq-8.0+git.1583944811.dc14403-3.19.1.noarch", product_id: "ardana-mq-8.0+git.1583944811.dc14403-3.19.1.noarch", }, }, { category: "product_version", name: "ardana-neutron-8.0+git.1584715262.e4ea620-3.39.1.noarch", product: { name: "ardana-neutron-8.0+git.1584715262.e4ea620-3.39.1.noarch", product_id: "ardana-neutron-8.0+git.1584715262.e4ea620-3.39.1.noarch", }, }, { category: "product_version", name: "ardana-octavia-8.0+git.1585171918.418f5cf-3.26.1.noarch", product: { name: "ardana-octavia-8.0+git.1585171918.418f5cf-3.26.1.noarch", product_id: "ardana-octavia-8.0+git.1585171918.418f5cf-3.26.1.noarch", }, }, { category: "product_version", name: "ardana-tempest-8.0+git.1585311051.6ab5488-3.33.1.noarch", product: { name: "ardana-tempest-8.0+git.1585311051.6ab5488-3.33.1.noarch", product_id: "ardana-tempest-8.0+git.1585311051.6ab5488-3.33.1.noarch", }, }, { category: "product_version", name: "documentation-hpe-helion-openstack-installation-8.20200319-1.23.1.noarch", product: { name: "documentation-hpe-helion-openstack-installation-8.20200319-1.23.1.noarch", product_id: "documentation-hpe-helion-openstack-installation-8.20200319-1.23.1.noarch", }, }, { category: "product_version", name: "documentation-hpe-helion-openstack-operations-8.20200319-1.23.1.noarch", product: { name: "documentation-hpe-helion-openstack-operations-8.20200319-1.23.1.noarch", product_id: "documentation-hpe-helion-openstack-operations-8.20200319-1.23.1.noarch", }, }, { category: "product_version", name: "documentation-hpe-helion-openstack-opsconsole-8.20200319-1.23.1.noarch", product: { name: "documentation-hpe-helion-openstack-opsconsole-8.20200319-1.23.1.noarch", product_id: "documentation-hpe-helion-openstack-opsconsole-8.20200319-1.23.1.noarch", }, }, { category: "product_version", name: "documentation-hpe-helion-openstack-planning-8.20200319-1.23.1.noarch", product: { name: "documentation-hpe-helion-openstack-planning-8.20200319-1.23.1.noarch", product_id: "documentation-hpe-helion-openstack-planning-8.20200319-1.23.1.noarch", }, }, { category: "product_version", name: "documentation-hpe-helion-openstack-security-8.20200319-1.23.1.noarch", product: { name: "documentation-hpe-helion-openstack-security-8.20200319-1.23.1.noarch", product_id: "documentation-hpe-helion-openstack-security-8.20200319-1.23.1.noarch", }, }, { category: "product_version", name: "documentation-hpe-helion-openstack-user-8.20200319-1.23.1.noarch", product: { name: "documentation-hpe-helion-openstack-user-8.20200319-1.23.1.noarch", product_id: "documentation-hpe-helion-openstack-user-8.20200319-1.23.1.noarch", }, }, { category: "product_version", name: "openstack-manila-5.1.1~dev5-3.26.2.noarch", product: { name: "openstack-manila-5.1.1~dev5-3.26.2.noarch", product_id: "openstack-manila-5.1.1~dev5-3.26.2.noarch", }, }, { category: "product_version", name: "openstack-manila-api-5.1.1~dev5-3.26.2.noarch", product: { name: "openstack-manila-api-5.1.1~dev5-3.26.2.noarch", product_id: "openstack-manila-api-5.1.1~dev5-3.26.2.noarch", }, }, { category: "product_version", name: "openstack-manila-data-5.1.1~dev5-3.26.2.noarch", product: { name: "openstack-manila-data-5.1.1~dev5-3.26.2.noarch", product_id: "openstack-manila-data-5.1.1~dev5-3.26.2.noarch", }, }, { category: "product_version", name: "openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", product: { name: "openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", product_id: "openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", }, }, { category: "product_version", name: "openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", product: { name: "openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", product_id: "openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", }, }, { category: "product_version", name: "openstack-manila-share-5.1.1~dev5-3.26.2.noarch", product: { name: "openstack-manila-share-5.1.1~dev5-3.26.2.noarch", product_id: "openstack-manila-share-5.1.1~dev5-3.26.2.noarch", }, }, { category: "product_version", name: "openstack-neutron-11.0.9~dev63-3.30.2.noarch", product: { name: "openstack-neutron-11.0.9~dev63-3.30.2.noarch", product_id: "openstack-neutron-11.0.9~dev63-3.30.2.noarch", }, }, { category: "product_version", name: "openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", product: { name: "openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", product_id: "openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", }, }, { category: "product_version", name: "openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", product: { name: "openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", product_id: "openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", }, }, { category: "product_version", name: "openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", product: { name: "openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", product_id: "openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", }, }, { category: "product_version", name: "openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", product: { name: "openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", product_id: "openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", }, }, { category: "product_version", name: "openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", product: { name: "openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", product_id: "openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", }, }, { category: "product_version", name: "openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", product: { name: "openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", product_id: "openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", }, }, { category: "product_version", name: "openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", product: { name: "openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", product_id: "openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", }, }, { category: "product_version", name: "openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", product: { name: "openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", product_id: "openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", }, }, { category: "product_version", name: "openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", product: { name: "openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", product_id: "openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", }, }, { category: "product_version", name: "openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", product: { name: "openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", product_id: "openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", }, }, { category: "product_version", name: "openstack-nova-16.1.9~dev61-3.35.2.noarch", product: { name: "openstack-nova-16.1.9~dev61-3.35.2.noarch", product_id: "openstack-nova-16.1.9~dev61-3.35.2.noarch", }, }, { category: "product_version", name: "openstack-nova-api-16.1.9~dev61-3.35.2.noarch", product: { name: "openstack-nova-api-16.1.9~dev61-3.35.2.noarch", product_id: "openstack-nova-api-16.1.9~dev61-3.35.2.noarch", }, }, { category: "product_version", name: "openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", product: { name: "openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", product_id: "openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", }, }, { category: "product_version", name: "openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", product: { name: "openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", product_id: "openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", }, }, { category: "product_version", name: "openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", product: { name: "openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", product_id: "openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", }, }, { category: "product_version", name: "openstack-nova-console-16.1.9~dev61-3.35.2.noarch", product: { name: "openstack-nova-console-16.1.9~dev61-3.35.2.noarch", product_id: "openstack-nova-console-16.1.9~dev61-3.35.2.noarch", }, }, { category: "product_version", name: "openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", product: { name: "openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", product_id: "openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", }, }, { category: "product_version", name: "openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", product: { name: "openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", product_id: "openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", }, }, { category: "product_version", name: "openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", product: { name: "openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", product_id: "openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", }, }, { category: "product_version", name: "openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", product: { name: "openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", product_id: "openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", }, }, { category: "product_version", name: "openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", product: { name: "openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", product_id: "openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", }, }, { category: "product_version", name: "openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", product: { name: "openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", product_id: "openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", }, }, { category: "product_version", name: "openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", product: { name: "openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", product_id: "openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", }, }, { category: "product_version", name: "python-amqp-2.4.2-3.9.1.noarch", product: { name: "python-amqp-2.4.2-3.9.1.noarch", product_id: "python-amqp-2.4.2-3.9.1.noarch", }, }, { category: "product_version", name: "python-manila-5.1.1~dev5-3.26.2.noarch", product: { name: "python-manila-5.1.1~dev5-3.26.2.noarch", product_id: "python-manila-5.1.1~dev5-3.26.2.noarch", }, }, { category: "product_version", name: "python-neutron-11.0.9~dev63-3.30.2.noarch", product: { name: "python-neutron-11.0.9~dev63-3.30.2.noarch", product_id: "python-neutron-11.0.9~dev63-3.30.2.noarch", }, }, { category: "product_version", name: "python-nova-16.1.9~dev61-3.35.2.noarch", product: { name: "python-nova-16.1.9~dev61-3.35.2.noarch", product_id: "python-nova-16.1.9~dev61-3.35.2.noarch", }, }, { category: "product_version", name: "venv-openstack-aodh-x86_64-5.1.1~dev7-12.24.1.noarch", product: { name: "venv-openstack-aodh-x86_64-5.1.1~dev7-12.24.1.noarch", product_id: "venv-openstack-aodh-x86_64-5.1.1~dev7-12.24.1.noarch", }, }, { category: "product_version", name: "venv-openstack-barbican-x86_64-5.0.2~dev3-12.25.1.noarch", product: { name: "venv-openstack-barbican-x86_64-5.0.2~dev3-12.25.1.noarch", product_id: "venv-openstack-barbican-x86_64-5.0.2~dev3-12.25.1.noarch", }, }, { category: "product_version", name: "venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.22.1.noarch", product: { name: "venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.22.1.noarch", product_id: "venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.22.1.noarch", }, }, { category: "product_version", name: "venv-openstack-cinder-x86_64-11.2.3~dev23-14.25.1.noarch", product: { name: "venv-openstack-cinder-x86_64-11.2.3~dev23-14.25.1.noarch", product_id: "venv-openstack-cinder-x86_64-11.2.3~dev23-14.25.1.noarch", }, }, { category: "product_version", name: "venv-openstack-designate-x86_64-5.0.3~dev7-12.23.1.noarch", product: { name: "venv-openstack-designate-x86_64-5.0.3~dev7-12.23.1.noarch", product_id: "venv-openstack-designate-x86_64-5.0.3~dev7-12.23.1.noarch", }, }, { category: "product_version", name: "venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.20.1.noarch", product: { name: "venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.20.1.noarch", product_id: "venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.20.1.noarch", }, }, { category: "product_version", name: "venv-openstack-glance-x86_64-15.0.3~dev3-12.23.1.noarch", product: { name: "venv-openstack-glance-x86_64-15.0.3~dev3-12.23.1.noarch", product_id: "venv-openstack-glance-x86_64-15.0.3~dev3-12.23.1.noarch", }, }, { category: "product_version", name: "venv-openstack-heat-x86_64-9.0.8~dev22-12.25.1.noarch", product: { name: "venv-openstack-heat-x86_64-9.0.8~dev22-12.25.1.noarch", product_id: "venv-openstack-heat-x86_64-9.0.8~dev22-12.25.1.noarch", }, }, { category: "product_version", name: "venv-openstack-ironic-x86_64-9.1.8~dev8-12.25.1.noarch", product: { name: "venv-openstack-ironic-x86_64-9.1.8~dev8-12.25.1.noarch", product_id: "venv-openstack-ironic-x86_64-9.1.8~dev8-12.25.1.noarch", }, }, { category: "product_version", name: "venv-openstack-keystone-x86_64-12.0.4~dev5-11.26.1.noarch", product: { name: "venv-openstack-keystone-x86_64-12.0.4~dev5-11.26.1.noarch", product_id: "venv-openstack-keystone-x86_64-12.0.4~dev5-11.26.1.noarch", }, }, { category: "product_version", name: "venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.24.1.noarch", product: { name: "venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.24.1.noarch", product_id: "venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.24.1.noarch", }, }, { category: "product_version", name: "venv-openstack-manila-x86_64-5.1.1~dev5-12.29.1.noarch", product: { name: "venv-openstack-manila-x86_64-5.1.1~dev5-12.29.1.noarch", product_id: "venv-openstack-manila-x86_64-5.1.1~dev5-12.29.1.noarch", }, }, { category: "product_version", name: "venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.20.1.noarch", product: { name: "venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.20.1.noarch", product_id: "venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.20.1.noarch", }, }, { category: "product_version", name: "venv-openstack-murano-x86_64-4.0.2~dev2-12.20.1.noarch", product: { name: "venv-openstack-murano-x86_64-4.0.2~dev2-12.20.1.noarch", product_id: "venv-openstack-murano-x86_64-4.0.2~dev2-12.20.1.noarch", }, }, { category: "product_version", name: "venv-openstack-neutron-x86_64-11.0.9~dev63-13.28.1.noarch", product: { name: "venv-openstack-neutron-x86_64-11.0.9~dev63-13.28.1.noarch", product_id: "venv-openstack-neutron-x86_64-11.0.9~dev63-13.28.1.noarch", }, }, { category: "product_version", name: "venv-openstack-nova-x86_64-16.1.9~dev61-11.26.1.noarch", product: { name: "venv-openstack-nova-x86_64-16.1.9~dev61-11.26.1.noarch", product_id: "venv-openstack-nova-x86_64-16.1.9~dev61-11.26.1.noarch", }, }, { category: "product_version", name: "venv-openstack-octavia-x86_64-1.0.6~dev3-12.25.1.noarch", product: { name: "venv-openstack-octavia-x86_64-1.0.6~dev3-12.25.1.noarch", product_id: "venv-openstack-octavia-x86_64-1.0.6~dev3-12.25.1.noarch", }, }, { category: "product_version", name: "venv-openstack-sahara-x86_64-7.0.5~dev4-11.24.1.noarch", product: { name: "venv-openstack-sahara-x86_64-7.0.5~dev4-11.24.1.noarch", product_id: "venv-openstack-sahara-x86_64-7.0.5~dev4-11.24.1.noarch", }, }, { category: "product_version", name: "venv-openstack-trove-x86_64-8.0.2~dev2-11.24.1.noarch", product: { name: "venv-openstack-trove-x86_64-8.0.2~dev2-11.24.1.noarch", product_id: "venv-openstack-trove-x86_64-8.0.2~dev2-11.24.1.noarch", }, }, { category: "product_version", name: "zookeeper-server-3.4.10-3.6.1.noarch", product: { name: "zookeeper-server-3.4.10-3.6.1.noarch", product_id: "zookeeper-server-3.4.10-3.6.1.noarch", }, }, { category: "product_version", name: "crowbar-ha-5.0+git.1585316176.344190f-3.32.1.noarch", product: { name: "crowbar-ha-5.0+git.1585316176.344190f-3.32.1.noarch", product_id: "crowbar-ha-5.0+git.1585316176.344190f-3.32.1.noarch", }, }, { category: "product_version", name: "crowbar-openstack-5.0+git.1585304226.2164b7895-4.37.1.noarch", product: { name: "crowbar-openstack-5.0+git.1585304226.2164b7895-4.37.1.noarch", product_id: "crowbar-openstack-5.0+git.1585304226.2164b7895-4.37.1.noarch", }, }, { category: "product_version", name: "documentation-suse-openstack-cloud-deployment-8.20200319-1.23.1.noarch", product: { name: "documentation-suse-openstack-cloud-deployment-8.20200319-1.23.1.noarch", product_id: "documentation-suse-openstack-cloud-deployment-8.20200319-1.23.1.noarch", }, }, { category: "product_version", name: "documentation-suse-openstack-cloud-installation-8.20200319-1.23.1.noarch", product: { name: "documentation-suse-openstack-cloud-installation-8.20200319-1.23.1.noarch", product_id: "documentation-suse-openstack-cloud-installation-8.20200319-1.23.1.noarch", }, }, { category: "product_version", name: "documentation-suse-openstack-cloud-operations-8.20200319-1.23.1.noarch", product: { name: "documentation-suse-openstack-cloud-operations-8.20200319-1.23.1.noarch", product_id: "documentation-suse-openstack-cloud-operations-8.20200319-1.23.1.noarch", }, }, { category: "product_version", name: "documentation-suse-openstack-cloud-opsconsole-8.20200319-1.23.1.noarch", product: { name: "documentation-suse-openstack-cloud-opsconsole-8.20200319-1.23.1.noarch", product_id: "documentation-suse-openstack-cloud-opsconsole-8.20200319-1.23.1.noarch", }, }, { category: "product_version", name: "documentation-suse-openstack-cloud-planning-8.20200319-1.23.1.noarch", product: { name: "documentation-suse-openstack-cloud-planning-8.20200319-1.23.1.noarch", product_id: "documentation-suse-openstack-cloud-planning-8.20200319-1.23.1.noarch", }, }, { category: "product_version", name: "documentation-suse-openstack-cloud-security-8.20200319-1.23.1.noarch", product: { name: "documentation-suse-openstack-cloud-security-8.20200319-1.23.1.noarch", product_id: "documentation-suse-openstack-cloud-security-8.20200319-1.23.1.noarch", }, }, { category: "product_version", name: "documentation-suse-openstack-cloud-socmmsoperator-8.20200319-1.23.1.noarch", product: { name: "documentation-suse-openstack-cloud-socmmsoperator-8.20200319-1.23.1.noarch", product_id: "documentation-suse-openstack-cloud-socmmsoperator-8.20200319-1.23.1.noarch", }, }, { category: "product_version", name: "documentation-suse-openstack-cloud-socmosoperator-8.20200319-1.23.1.noarch", product: { name: "documentation-suse-openstack-cloud-socmosoperator-8.20200319-1.23.1.noarch", product_id: "documentation-suse-openstack-cloud-socmosoperator-8.20200319-1.23.1.noarch", }, }, { category: "product_version", name: "documentation-suse-openstack-cloud-socmoverview-8.20200319-1.23.1.noarch", product: { name: "documentation-suse-openstack-cloud-socmoverview-8.20200319-1.23.1.noarch", product_id: "documentation-suse-openstack-cloud-socmoverview-8.20200319-1.23.1.noarch", }, }, { category: "product_version", name: "documentation-suse-openstack-cloud-supplement-8.20200319-1.23.1.noarch", product: { name: "documentation-suse-openstack-cloud-supplement-8.20200319-1.23.1.noarch", product_id: "documentation-suse-openstack-cloud-supplement-8.20200319-1.23.1.noarch", }, }, { category: "product_version", name: "documentation-suse-openstack-cloud-upstream-admin-8.20200319-1.23.1.noarch", product: { name: "documentation-suse-openstack-cloud-upstream-admin-8.20200319-1.23.1.noarch", product_id: "documentation-suse-openstack-cloud-upstream-admin-8.20200319-1.23.1.noarch", }, }, { category: "product_version", name: "documentation-suse-openstack-cloud-upstream-user-8.20200319-1.23.1.noarch", product: { name: "documentation-suse-openstack-cloud-upstream-user-8.20200319-1.23.1.noarch", product_id: "documentation-suse-openstack-cloud-upstream-user-8.20200319-1.23.1.noarch", }, }, { category: "product_version", name: "documentation-suse-openstack-cloud-user-8.20200319-1.23.1.noarch", product: { name: "documentation-suse-openstack-cloud-user-8.20200319-1.23.1.noarch", product_id: "documentation-suse-openstack-cloud-user-8.20200319-1.23.1.noarch", }, }, { category: "product_version", name: "openstack-manila-test-5.1.1~dev5-3.26.2.noarch", product: { name: "openstack-manila-test-5.1.1~dev5-3.26.2.noarch", product_id: "openstack-manila-test-5.1.1~dev5-3.26.2.noarch", }, }, { category: "product_version", name: "openstack-neutron-test-11.0.9~dev63-3.30.2.noarch", product: { name: "openstack-neutron-test-11.0.9~dev63-3.30.2.noarch", product_id: "openstack-neutron-test-11.0.9~dev63-3.30.2.noarch", }, }, { category: "product_version", name: "openstack-nova-network-16.1.9~dev61-3.35.2.noarch", product: { name: "openstack-nova-network-16.1.9~dev61-3.35.2.noarch", product_id: "openstack-nova-network-16.1.9~dev61-3.35.2.noarch", }, }, { category: "product_version", name: "openstack-nova-test-16.1.9~dev61-3.35.2.noarch", product: { name: "openstack-nova-test-16.1.9~dev61-3.35.2.noarch", product_id: "openstack-nova-test-16.1.9~dev61-3.35.2.noarch", }, }, { category: "product_version", name: "python3-amqp-2.4.2-3.9.1.noarch", product: { name: "python3-amqp-2.4.2-3.9.1.noarch", product_id: "python3-amqp-2.4.2-3.9.1.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "crowbar-core-5.0+git.1585575551.16781d00d-3.38.1.ppc64le", product: { name: "crowbar-core-5.0+git.1585575551.16781d00d-3.38.1.ppc64le", product_id: "crowbar-core-5.0+git.1585575551.16781d00d-3.38.1.ppc64le", }, }, { category: "product_version", name: "crowbar-core-branding-upstream-5.0+git.1585575551.16781d00d-3.38.1.ppc64le", product: { name: "crowbar-core-branding-upstream-5.0+git.1585575551.16781d00d-3.38.1.ppc64le", product_id: "crowbar-core-branding-upstream-5.0+git.1585575551.16781d00d-3.38.1.ppc64le", }, }, { category: "product_version", name: "crowbar-core-devel-5.0+git.1585575551.16781d00d-3.38.1.ppc64le", product: { name: "crowbar-core-devel-5.0+git.1585575551.16781d00d-3.38.1.ppc64le", product_id: "crowbar-core-devel-5.0+git.1585575551.16781d00d-3.38.1.ppc64le", }, }, { category: "product_version", name: "libzookeeper2-3.4.10-3.6.1.ppc64le", product: { name: "libzookeeper2-3.4.10-3.6.1.ppc64le", product_id: "libzookeeper2-3.4.10-3.6.1.ppc64le", }, }, { category: "product_version", name: "libzookeeper2-devel-3.4.10-3.6.1.ppc64le", product: { name: "libzookeeper2-devel-3.4.10-3.6.1.ppc64le", product_id: "libzookeeper2-devel-3.4.10-3.6.1.ppc64le", }, }, { category: "product_version", name: "memcached-1.5.17-3.3.1.ppc64le", product: { name: "memcached-1.5.17-3.3.1.ppc64le", product_id: "memcached-1.5.17-3.3.1.ppc64le", }, }, { category: "product_version", name: "memcached-devel-1.5.17-3.3.1.ppc64le", product: { name: "memcached-devel-1.5.17-3.3.1.ppc64le", product_id: "memcached-devel-1.5.17-3.3.1.ppc64le", }, }, { category: "product_version", name: "pdns-4.1.2-3.6.1.ppc64le", product: { name: "pdns-4.1.2-3.6.1.ppc64le", product_id: "pdns-4.1.2-3.6.1.ppc64le", }, }, { category: "product_version", name: "pdns-backend-godbc-4.1.2-3.6.1.ppc64le", product: { name: "pdns-backend-godbc-4.1.2-3.6.1.ppc64le", product_id: "pdns-backend-godbc-4.1.2-3.6.1.ppc64le", }, }, { category: "product_version", name: "pdns-backend-ldap-4.1.2-3.6.1.ppc64le", product: { name: "pdns-backend-ldap-4.1.2-3.6.1.ppc64le", product_id: "pdns-backend-ldap-4.1.2-3.6.1.ppc64le", }, }, { category: "product_version", name: "pdns-backend-lua-4.1.2-3.6.1.ppc64le", product: { name: "pdns-backend-lua-4.1.2-3.6.1.ppc64le", product_id: "pdns-backend-lua-4.1.2-3.6.1.ppc64le", }, }, { category: "product_version", name: "pdns-backend-mydns-4.1.2-3.6.1.ppc64le", product: { name: "pdns-backend-mydns-4.1.2-3.6.1.ppc64le", product_id: "pdns-backend-mydns-4.1.2-3.6.1.ppc64le", }, }, { category: "product_version", name: "pdns-backend-mysql-4.1.2-3.6.1.ppc64le", product: { name: "pdns-backend-mysql-4.1.2-3.6.1.ppc64le", product_id: "pdns-backend-mysql-4.1.2-3.6.1.ppc64le", }, }, { category: "product_version", name: "pdns-backend-postgresql-4.1.2-3.6.1.ppc64le", product: { name: "pdns-backend-postgresql-4.1.2-3.6.1.ppc64le", product_id: "pdns-backend-postgresql-4.1.2-3.6.1.ppc64le", }, }, { category: "product_version", name: "pdns-backend-remote-4.1.2-3.6.1.ppc64le", product: { name: "pdns-backend-remote-4.1.2-3.6.1.ppc64le", product_id: "pdns-backend-remote-4.1.2-3.6.1.ppc64le", }, }, { category: "product_version", name: "pdns-backend-sqlite3-4.1.2-3.6.1.ppc64le", product: { name: "pdns-backend-sqlite3-4.1.2-3.6.1.ppc64le", product_id: "pdns-backend-sqlite3-4.1.2-3.6.1.ppc64le", }, }, { category: "product_version", name: "ruby2.1-rubygem-puma-2.16.0-3.6.1.ppc64le", product: { name: "ruby2.1-rubygem-puma-2.16.0-3.6.1.ppc64le", product_id: "ruby2.1-rubygem-puma-2.16.0-3.6.1.ppc64le", }, }, { category: "product_version", name: "ruby2.1-rubygem-puma-doc-2.16.0-3.6.1.ppc64le", product: { name: "ruby2.1-rubygem-puma-doc-2.16.0-3.6.1.ppc64le", product_id: "ruby2.1-rubygem-puma-doc-2.16.0-3.6.1.ppc64le", }, }, { category: "product_version", name: "zookeeper-client-3.4.10-3.6.1.ppc64le", product: { name: "zookeeper-client-3.4.10-3.6.1.ppc64le", product_id: "zookeeper-client-3.4.10-3.6.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "crowbar-core-5.0+git.1585575551.16781d00d-3.38.1.s390x", product: { name: "crowbar-core-5.0+git.1585575551.16781d00d-3.38.1.s390x", product_id: "crowbar-core-5.0+git.1585575551.16781d00d-3.38.1.s390x", }, }, { category: "product_version", name: "crowbar-core-branding-upstream-5.0+git.1585575551.16781d00d-3.38.1.s390x", product: { name: "crowbar-core-branding-upstream-5.0+git.1585575551.16781d00d-3.38.1.s390x", product_id: "crowbar-core-branding-upstream-5.0+git.1585575551.16781d00d-3.38.1.s390x", }, }, { category: "product_version", name: "crowbar-core-devel-5.0+git.1585575551.16781d00d-3.38.1.s390x", product: { name: "crowbar-core-devel-5.0+git.1585575551.16781d00d-3.38.1.s390x", product_id: "crowbar-core-devel-5.0+git.1585575551.16781d00d-3.38.1.s390x", }, }, { category: "product_version", name: "libzookeeper2-3.4.10-3.6.1.s390x", product: { name: "libzookeeper2-3.4.10-3.6.1.s390x", product_id: "libzookeeper2-3.4.10-3.6.1.s390x", }, }, { category: "product_version", name: "libzookeeper2-devel-3.4.10-3.6.1.s390x", product: { name: "libzookeeper2-devel-3.4.10-3.6.1.s390x", product_id: "libzookeeper2-devel-3.4.10-3.6.1.s390x", }, }, { category: "product_version", name: "memcached-1.5.17-3.3.1.s390x", product: { name: "memcached-1.5.17-3.3.1.s390x", product_id: "memcached-1.5.17-3.3.1.s390x", }, }, { category: "product_version", name: "memcached-devel-1.5.17-3.3.1.s390x", product: { name: "memcached-devel-1.5.17-3.3.1.s390x", product_id: "memcached-devel-1.5.17-3.3.1.s390x", }, }, { category: "product_version", name: "pdns-4.1.2-3.6.1.s390x", product: { name: "pdns-4.1.2-3.6.1.s390x", product_id: "pdns-4.1.2-3.6.1.s390x", }, }, { category: "product_version", name: "pdns-backend-godbc-4.1.2-3.6.1.s390x", product: { name: "pdns-backend-godbc-4.1.2-3.6.1.s390x", product_id: "pdns-backend-godbc-4.1.2-3.6.1.s390x", }, }, { category: "product_version", name: "pdns-backend-ldap-4.1.2-3.6.1.s390x", product: { name: "pdns-backend-ldap-4.1.2-3.6.1.s390x", product_id: "pdns-backend-ldap-4.1.2-3.6.1.s390x", }, }, { category: "product_version", name: "pdns-backend-lua-4.1.2-3.6.1.s390x", product: { name: "pdns-backend-lua-4.1.2-3.6.1.s390x", product_id: "pdns-backend-lua-4.1.2-3.6.1.s390x", }, }, { category: "product_version", name: "pdns-backend-mydns-4.1.2-3.6.1.s390x", product: { name: "pdns-backend-mydns-4.1.2-3.6.1.s390x", product_id: "pdns-backend-mydns-4.1.2-3.6.1.s390x", }, }, { category: "product_version", name: "pdns-backend-mysql-4.1.2-3.6.1.s390x", product: { name: "pdns-backend-mysql-4.1.2-3.6.1.s390x", product_id: "pdns-backend-mysql-4.1.2-3.6.1.s390x", }, }, { category: "product_version", name: "pdns-backend-postgresql-4.1.2-3.6.1.s390x", product: { name: "pdns-backend-postgresql-4.1.2-3.6.1.s390x", product_id: "pdns-backend-postgresql-4.1.2-3.6.1.s390x", }, }, { category: "product_version", name: "pdns-backend-remote-4.1.2-3.6.1.s390x", product: { name: "pdns-backend-remote-4.1.2-3.6.1.s390x", product_id: "pdns-backend-remote-4.1.2-3.6.1.s390x", }, }, { category: "product_version", name: "pdns-backend-sqlite3-4.1.2-3.6.1.s390x", product: { name: "pdns-backend-sqlite3-4.1.2-3.6.1.s390x", product_id: "pdns-backend-sqlite3-4.1.2-3.6.1.s390x", }, }, { category: "product_version", name: "ruby2.1-rubygem-puma-2.16.0-3.6.1.s390x", product: { name: "ruby2.1-rubygem-puma-2.16.0-3.6.1.s390x", product_id: "ruby2.1-rubygem-puma-2.16.0-3.6.1.s390x", }, }, { category: "product_version", name: "ruby2.1-rubygem-puma-doc-2.16.0-3.6.1.s390x", product: { name: "ruby2.1-rubygem-puma-doc-2.16.0-3.6.1.s390x", product_id: "ruby2.1-rubygem-puma-doc-2.16.0-3.6.1.s390x", }, }, { category: "product_version", name: "zookeeper-client-3.4.10-3.6.1.s390x", product: { name: "zookeeper-client-3.4.10-3.6.1.s390x", product_id: "zookeeper-client-3.4.10-3.6.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "memcached-1.5.17-3.3.1.x86_64", product: { name: "memcached-1.5.17-3.3.1.x86_64", product_id: "memcached-1.5.17-3.3.1.x86_64", }, }, { category: "product_version", name: "pdns-4.1.2-3.6.1.x86_64", product: { name: "pdns-4.1.2-3.6.1.x86_64", product_id: "pdns-4.1.2-3.6.1.x86_64", }, }, { category: "product_version", name: "pdns-backend-mysql-4.1.2-3.6.1.x86_64", product: { name: "pdns-backend-mysql-4.1.2-3.6.1.x86_64", product_id: "pdns-backend-mysql-4.1.2-3.6.1.x86_64", }, }, { category: "product_version", name: "crowbar-core-5.0+git.1585575551.16781d00d-3.38.1.x86_64", product: { name: "crowbar-core-5.0+git.1585575551.16781d00d-3.38.1.x86_64", product_id: "crowbar-core-5.0+git.1585575551.16781d00d-3.38.1.x86_64", }, }, { category: "product_version", name: "crowbar-core-branding-upstream-5.0+git.1585575551.16781d00d-3.38.1.x86_64", product: { name: "crowbar-core-branding-upstream-5.0+git.1585575551.16781d00d-3.38.1.x86_64", product_id: "crowbar-core-branding-upstream-5.0+git.1585575551.16781d00d-3.38.1.x86_64", }, }, { category: "product_version", name: "crowbar-core-devel-5.0+git.1585575551.16781d00d-3.38.1.x86_64", product: { name: "crowbar-core-devel-5.0+git.1585575551.16781d00d-3.38.1.x86_64", product_id: "crowbar-core-devel-5.0+git.1585575551.16781d00d-3.38.1.x86_64", }, }, { category: "product_version", name: "libzookeeper2-3.4.10-3.6.1.x86_64", product: { name: "libzookeeper2-3.4.10-3.6.1.x86_64", product_id: "libzookeeper2-3.4.10-3.6.1.x86_64", }, }, { category: "product_version", name: "libzookeeper2-devel-3.4.10-3.6.1.x86_64", product: { name: "libzookeeper2-devel-3.4.10-3.6.1.x86_64", product_id: "libzookeeper2-devel-3.4.10-3.6.1.x86_64", }, }, { category: "product_version", name: "memcached-devel-1.5.17-3.3.1.x86_64", product: { name: "memcached-devel-1.5.17-3.3.1.x86_64", product_id: "memcached-devel-1.5.17-3.3.1.x86_64", }, }, { category: "product_version", name: "pdns-backend-godbc-4.1.2-3.6.1.x86_64", product: { name: "pdns-backend-godbc-4.1.2-3.6.1.x86_64", product_id: "pdns-backend-godbc-4.1.2-3.6.1.x86_64", }, }, { category: "product_version", name: "pdns-backend-ldap-4.1.2-3.6.1.x86_64", product: { name: "pdns-backend-ldap-4.1.2-3.6.1.x86_64", product_id: "pdns-backend-ldap-4.1.2-3.6.1.x86_64", }, }, { category: "product_version", name: "pdns-backend-lua-4.1.2-3.6.1.x86_64", product: { name: "pdns-backend-lua-4.1.2-3.6.1.x86_64", product_id: "pdns-backend-lua-4.1.2-3.6.1.x86_64", }, }, { category: "product_version", name: "pdns-backend-mydns-4.1.2-3.6.1.x86_64", product: { name: "pdns-backend-mydns-4.1.2-3.6.1.x86_64", product_id: "pdns-backend-mydns-4.1.2-3.6.1.x86_64", }, }, { category: "product_version", name: "pdns-backend-postgresql-4.1.2-3.6.1.x86_64", product: { name: "pdns-backend-postgresql-4.1.2-3.6.1.x86_64", product_id: "pdns-backend-postgresql-4.1.2-3.6.1.x86_64", }, }, { category: "product_version", name: "pdns-backend-remote-4.1.2-3.6.1.x86_64", product: { name: "pdns-backend-remote-4.1.2-3.6.1.x86_64", product_id: "pdns-backend-remote-4.1.2-3.6.1.x86_64", }, }, { category: "product_version", name: "pdns-backend-sqlite3-4.1.2-3.6.1.x86_64", product: { name: "pdns-backend-sqlite3-4.1.2-3.6.1.x86_64", product_id: "pdns-backend-sqlite3-4.1.2-3.6.1.x86_64", }, }, { category: "product_version", name: "ruby2.1-rubygem-puma-2.16.0-3.6.1.x86_64", product: { name: "ruby2.1-rubygem-puma-2.16.0-3.6.1.x86_64", product_id: "ruby2.1-rubygem-puma-2.16.0-3.6.1.x86_64", }, }, { category: "product_version", name: "ruby2.1-rubygem-puma-doc-2.16.0-3.6.1.x86_64", product: { name: "ruby2.1-rubygem-puma-doc-2.16.0-3.6.1.x86_64", product_id: "ruby2.1-rubygem-puma-doc-2.16.0-3.6.1.x86_64", }, }, { category: "product_version", name: "zookeeper-client-3.4.10-3.6.1.x86_64", product: { name: "zookeeper-client-3.4.10-3.6.1.x86_64", product_id: "zookeeper-client-3.4.10-3.6.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "HPE Helion OpenStack 8", product: { name: "HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8", product_identification_helper: { cpe: "cpe:/o:suse:hpe-helion-openstack:8", }, }, }, { category: "product_name", name: "SUSE OpenStack Cloud 8", product: { name: "SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8", product_identification_helper: { cpe: "cpe:/o:suse:suse-openstack-cloud:8", }, }, }, { category: "product_name", name: "SUSE OpenStack Cloud Crowbar 8", product: { name: "SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8", product_identification_helper: { cpe: "cpe:/o:suse:suse-openstack-cloud-crowbar:8", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ardana-ansible-8.0+git.1583432621.24fa60e-3.70.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1583432621.24fa60e-3.70.1.noarch", }, product_reference: "ardana-ansible-8.0+git.1583432621.24fa60e-3.70.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "ardana-barbican-8.0+git.1585152761.8ef3d61-4.33.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:ardana-barbican-8.0+git.1585152761.8ef3d61-4.33.1.noarch", }, product_reference: "ardana-barbican-8.0+git.1585152761.8ef3d61-4.33.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "ardana-db-8.0+git.1583944923.03cca6c-3.31.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:ardana-db-8.0+git.1583944923.03cca6c-3.31.1.noarch", }, product_reference: "ardana-db-8.0+git.1583944923.03cca6c-3.31.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "ardana-monasca-8.0+git.1583944894.38f023a-3.24.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:ardana-monasca-8.0+git.1583944894.38f023a-3.24.1.noarch", }, product_reference: "ardana-monasca-8.0+git.1583944894.38f023a-3.24.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "ardana-mq-8.0+git.1583944811.dc14403-3.19.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:ardana-mq-8.0+git.1583944811.dc14403-3.19.1.noarch", }, product_reference: "ardana-mq-8.0+git.1583944811.dc14403-3.19.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "ardana-neutron-8.0+git.1584715262.e4ea620-3.39.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:ardana-neutron-8.0+git.1584715262.e4ea620-3.39.1.noarch", }, product_reference: "ardana-neutron-8.0+git.1584715262.e4ea620-3.39.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "ardana-octavia-8.0+git.1585171918.418f5cf-3.26.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:ardana-octavia-8.0+git.1585171918.418f5cf-3.26.1.noarch", }, product_reference: "ardana-octavia-8.0+git.1585171918.418f5cf-3.26.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "ardana-tempest-8.0+git.1585311051.6ab5488-3.33.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:ardana-tempest-8.0+git.1585311051.6ab5488-3.33.1.noarch", }, product_reference: "ardana-tempest-8.0+git.1585311051.6ab5488-3.33.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "documentation-hpe-helion-openstack-installation-8.20200319-1.23.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20200319-1.23.1.noarch", }, product_reference: "documentation-hpe-helion-openstack-installation-8.20200319-1.23.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "documentation-hpe-helion-openstack-operations-8.20200319-1.23.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20200319-1.23.1.noarch", }, product_reference: "documentation-hpe-helion-openstack-operations-8.20200319-1.23.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "documentation-hpe-helion-openstack-opsconsole-8.20200319-1.23.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20200319-1.23.1.noarch", }, product_reference: "documentation-hpe-helion-openstack-opsconsole-8.20200319-1.23.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "documentation-hpe-helion-openstack-planning-8.20200319-1.23.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20200319-1.23.1.noarch", }, product_reference: "documentation-hpe-helion-openstack-planning-8.20200319-1.23.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "documentation-hpe-helion-openstack-security-8.20200319-1.23.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20200319-1.23.1.noarch", }, product_reference: "documentation-hpe-helion-openstack-security-8.20200319-1.23.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "documentation-hpe-helion-openstack-user-8.20200319-1.23.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20200319-1.23.1.noarch", }, product_reference: "documentation-hpe-helion-openstack-user-8.20200319-1.23.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "memcached-1.5.17-3.3.1.x86_64 as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:memcached-1.5.17-3.3.1.x86_64", }, product_reference: "memcached-1.5.17-3.3.1.x86_64", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "openstack-manila-5.1.1~dev5-3.26.2.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", }, product_reference: "openstack-manila-5.1.1~dev5-3.26.2.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "openstack-manila-api-5.1.1~dev5-3.26.2.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", }, product_reference: "openstack-manila-api-5.1.1~dev5-3.26.2.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "openstack-manila-data-5.1.1~dev5-3.26.2.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", }, product_reference: "openstack-manila-data-5.1.1~dev5-3.26.2.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "openstack-manila-doc-5.1.1~dev5-3.26.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", }, product_reference: "openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", }, product_reference: "openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "openstack-manila-share-5.1.1~dev5-3.26.2.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", }, product_reference: "openstack-manila-share-5.1.1~dev5-3.26.2.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-11.0.9~dev63-3.30.2.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", }, product_reference: "openstack-neutron-11.0.9~dev63-3.30.2.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", }, product_reference: "openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", }, product_reference: "openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", }, product_reference: "openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", }, product_reference: "openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", }, product_reference: "openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", }, product_reference: "openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", }, product_reference: "openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", }, product_reference: "openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", }, product_reference: "openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-server-11.0.9~dev63-3.30.2.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", }, product_reference: "openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-16.1.9~dev61-3.35.2.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", }, product_reference: "openstack-nova-16.1.9~dev61-3.35.2.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-api-16.1.9~dev61-3.35.2.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", }, product_reference: "openstack-nova-api-16.1.9~dev61-3.35.2.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-cells-16.1.9~dev61-3.35.2.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", }, product_reference: "openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-compute-16.1.9~dev61-3.35.2.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", }, product_reference: "openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", }, product_reference: "openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-console-16.1.9~dev61-3.35.2.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", }, product_reference: "openstack-nova-console-16.1.9~dev61-3.35.2.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", }, product_reference: "openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-doc-16.1.9~dev61-3.35.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", }, product_reference: "openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", }, product_reference: "openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", }, product_reference: "openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", }, product_reference: "openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", }, product_reference: "openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", }, product_reference: "openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "pdns-4.1.2-3.6.1.x86_64 as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:pdns-4.1.2-3.6.1.x86_64", }, product_reference: "pdns-4.1.2-3.6.1.x86_64", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "pdns-backend-mysql-4.1.2-3.6.1.x86_64 as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:pdns-backend-mysql-4.1.2-3.6.1.x86_64", }, product_reference: "pdns-backend-mysql-4.1.2-3.6.1.x86_64", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "python-amqp-2.4.2-3.9.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:python-amqp-2.4.2-3.9.1.noarch", }, product_reference: "python-amqp-2.4.2-3.9.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "python-manila-5.1.1~dev5-3.26.2.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:python-manila-5.1.1~dev5-3.26.2.noarch", }, product_reference: "python-manila-5.1.1~dev5-3.26.2.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "python-neutron-11.0.9~dev63-3.30.2.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:python-neutron-11.0.9~dev63-3.30.2.noarch", }, product_reference: "python-neutron-11.0.9~dev63-3.30.2.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "python-nova-16.1.9~dev61-3.35.2.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:python-nova-16.1.9~dev61-3.35.2.noarch", }, product_reference: "python-nova-16.1.9~dev61-3.35.2.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-aodh-x86_64-5.1.1~dev7-12.24.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.24.1.noarch", }, product_reference: "venv-openstack-aodh-x86_64-5.1.1~dev7-12.24.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-barbican-x86_64-5.0.2~dev3-12.25.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.25.1.noarch", }, product_reference: "venv-openstack-barbican-x86_64-5.0.2~dev3-12.25.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.22.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.22.1.noarch", }, product_reference: "venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.22.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-cinder-x86_64-11.2.3~dev23-14.25.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev23-14.25.1.noarch", }, product_reference: "venv-openstack-cinder-x86_64-11.2.3~dev23-14.25.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-designate-x86_64-5.0.3~dev7-12.23.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.23.1.noarch", }, product_reference: "venv-openstack-designate-x86_64-5.0.3~dev7-12.23.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.20.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.20.1.noarch", }, product_reference: "venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.20.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-glance-x86_64-15.0.3~dev3-12.23.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.23.1.noarch", }, product_reference: "venv-openstack-glance-x86_64-15.0.3~dev3-12.23.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-heat-x86_64-9.0.8~dev22-12.25.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.25.1.noarch", }, product_reference: "venv-openstack-heat-x86_64-9.0.8~dev22-12.25.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-ironic-x86_64-9.1.8~dev8-12.25.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.25.1.noarch", }, product_reference: "venv-openstack-ironic-x86_64-9.1.8~dev8-12.25.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-keystone-x86_64-12.0.4~dev5-11.26.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev5-11.26.1.noarch", }, product_reference: "venv-openstack-keystone-x86_64-12.0.4~dev5-11.26.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.24.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.24.1.noarch", }, product_reference: "venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.24.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-manila-x86_64-5.1.1~dev5-12.29.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.29.1.noarch", }, product_reference: "venv-openstack-manila-x86_64-5.1.1~dev5-12.29.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.20.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.20.1.noarch", }, product_reference: "venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.20.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-murano-x86_64-4.0.2~dev2-12.20.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.20.1.noarch", }, product_reference: "venv-openstack-murano-x86_64-4.0.2~dev2-12.20.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-neutron-x86_64-11.0.9~dev63-13.28.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev63-13.28.1.noarch", }, product_reference: "venv-openstack-neutron-x86_64-11.0.9~dev63-13.28.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-nova-x86_64-16.1.9~dev61-11.26.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev61-11.26.1.noarch", }, product_reference: "venv-openstack-nova-x86_64-16.1.9~dev61-11.26.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-octavia-x86_64-1.0.6~dev3-12.25.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.25.1.noarch", }, product_reference: "venv-openstack-octavia-x86_64-1.0.6~dev3-12.25.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-sahara-x86_64-7.0.5~dev4-11.24.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.24.1.noarch", }, product_reference: "venv-openstack-sahara-x86_64-7.0.5~dev4-11.24.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-trove-x86_64-8.0.2~dev2-11.24.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.24.1.noarch", }, product_reference: "venv-openstack-trove-x86_64-8.0.2~dev2-11.24.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "zookeeper-server-3.4.10-3.6.1.noarch as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:zookeeper-server-3.4.10-3.6.1.noarch", }, product_reference: "zookeeper-server-3.4.10-3.6.1.noarch", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "ardana-ansible-8.0+git.1583432621.24fa60e-3.70.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1583432621.24fa60e-3.70.1.noarch", }, product_reference: "ardana-ansible-8.0+git.1583432621.24fa60e-3.70.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "ardana-barbican-8.0+git.1585152761.8ef3d61-4.33.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:ardana-barbican-8.0+git.1585152761.8ef3d61-4.33.1.noarch", }, product_reference: "ardana-barbican-8.0+git.1585152761.8ef3d61-4.33.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "ardana-db-8.0+git.1583944923.03cca6c-3.31.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:ardana-db-8.0+git.1583944923.03cca6c-3.31.1.noarch", }, product_reference: "ardana-db-8.0+git.1583944923.03cca6c-3.31.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "ardana-monasca-8.0+git.1583944894.38f023a-3.24.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:ardana-monasca-8.0+git.1583944894.38f023a-3.24.1.noarch", }, product_reference: "ardana-monasca-8.0+git.1583944894.38f023a-3.24.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "ardana-mq-8.0+git.1583944811.dc14403-3.19.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1583944811.dc14403-3.19.1.noarch", }, product_reference: "ardana-mq-8.0+git.1583944811.dc14403-3.19.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "ardana-neutron-8.0+git.1584715262.e4ea620-3.39.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:ardana-neutron-8.0+git.1584715262.e4ea620-3.39.1.noarch", }, product_reference: "ardana-neutron-8.0+git.1584715262.e4ea620-3.39.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "ardana-octavia-8.0+git.1585171918.418f5cf-3.26.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:ardana-octavia-8.0+git.1585171918.418f5cf-3.26.1.noarch", }, product_reference: "ardana-octavia-8.0+git.1585171918.418f5cf-3.26.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "ardana-tempest-8.0+git.1585311051.6ab5488-3.33.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:ardana-tempest-8.0+git.1585311051.6ab5488-3.33.1.noarch", }, product_reference: "ardana-tempest-8.0+git.1585311051.6ab5488-3.33.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "documentation-suse-openstack-cloud-installation-8.20200319-1.23.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20200319-1.23.1.noarch", }, product_reference: "documentation-suse-openstack-cloud-installation-8.20200319-1.23.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "documentation-suse-openstack-cloud-operations-8.20200319-1.23.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20200319-1.23.1.noarch", }, product_reference: "documentation-suse-openstack-cloud-operations-8.20200319-1.23.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "documentation-suse-openstack-cloud-opsconsole-8.20200319-1.23.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20200319-1.23.1.noarch", }, product_reference: "documentation-suse-openstack-cloud-opsconsole-8.20200319-1.23.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "documentation-suse-openstack-cloud-planning-8.20200319-1.23.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20200319-1.23.1.noarch", }, product_reference: "documentation-suse-openstack-cloud-planning-8.20200319-1.23.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "documentation-suse-openstack-cloud-security-8.20200319-1.23.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20200319-1.23.1.noarch", }, product_reference: "documentation-suse-openstack-cloud-security-8.20200319-1.23.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "documentation-suse-openstack-cloud-supplement-8.20200319-1.23.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20200319-1.23.1.noarch", }, product_reference: "documentation-suse-openstack-cloud-supplement-8.20200319-1.23.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "documentation-suse-openstack-cloud-upstream-admin-8.20200319-1.23.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20200319-1.23.1.noarch", }, product_reference: "documentation-suse-openstack-cloud-upstream-admin-8.20200319-1.23.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "documentation-suse-openstack-cloud-upstream-user-8.20200319-1.23.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20200319-1.23.1.noarch", }, product_reference: "documentation-suse-openstack-cloud-upstream-user-8.20200319-1.23.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "documentation-suse-openstack-cloud-user-8.20200319-1.23.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20200319-1.23.1.noarch", }, product_reference: "documentation-suse-openstack-cloud-user-8.20200319-1.23.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "memcached-1.5.17-3.3.1.x86_64 as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:memcached-1.5.17-3.3.1.x86_64", }, product_reference: "memcached-1.5.17-3.3.1.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "openstack-manila-5.1.1~dev5-3.26.2.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", }, product_reference: "openstack-manila-5.1.1~dev5-3.26.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "openstack-manila-api-5.1.1~dev5-3.26.2.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", }, product_reference: "openstack-manila-api-5.1.1~dev5-3.26.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "openstack-manila-data-5.1.1~dev5-3.26.2.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", }, product_reference: "openstack-manila-data-5.1.1~dev5-3.26.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "openstack-manila-doc-5.1.1~dev5-3.26.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", }, product_reference: "openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", }, product_reference: "openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "openstack-manila-share-5.1.1~dev5-3.26.2.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", }, product_reference: "openstack-manila-share-5.1.1~dev5-3.26.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-11.0.9~dev63-3.30.2.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", }, product_reference: "openstack-neutron-11.0.9~dev63-3.30.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", }, product_reference: "openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", }, product_reference: "openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", }, product_reference: "openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", }, product_reference: "openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", }, product_reference: "openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", }, product_reference: "openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", }, product_reference: "openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", }, product_reference: "openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", }, product_reference: "openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-server-11.0.9~dev63-3.30.2.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", }, product_reference: "openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-16.1.9~dev61-3.35.2.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", }, product_reference: "openstack-nova-16.1.9~dev61-3.35.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-api-16.1.9~dev61-3.35.2.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", }, product_reference: "openstack-nova-api-16.1.9~dev61-3.35.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-cells-16.1.9~dev61-3.35.2.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", }, product_reference: "openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-compute-16.1.9~dev61-3.35.2.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", }, product_reference: "openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", }, product_reference: "openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-console-16.1.9~dev61-3.35.2.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", }, product_reference: "openstack-nova-console-16.1.9~dev61-3.35.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", }, product_reference: "openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-doc-16.1.9~dev61-3.35.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", }, product_reference: "openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", }, product_reference: "openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", }, product_reference: "openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", }, product_reference: "openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", }, product_reference: "openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", }, product_reference: "openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "pdns-4.1.2-3.6.1.x86_64 as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:pdns-4.1.2-3.6.1.x86_64", }, product_reference: "pdns-4.1.2-3.6.1.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "pdns-backend-mysql-4.1.2-3.6.1.x86_64 as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:pdns-backend-mysql-4.1.2-3.6.1.x86_64", }, product_reference: "pdns-backend-mysql-4.1.2-3.6.1.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "python-amqp-2.4.2-3.9.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:python-amqp-2.4.2-3.9.1.noarch", }, product_reference: "python-amqp-2.4.2-3.9.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "python-manila-5.1.1~dev5-3.26.2.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:python-manila-5.1.1~dev5-3.26.2.noarch", }, product_reference: "python-manila-5.1.1~dev5-3.26.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "python-neutron-11.0.9~dev63-3.30.2.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev63-3.30.2.noarch", }, product_reference: "python-neutron-11.0.9~dev63-3.30.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "python-nova-16.1.9~dev61-3.35.2.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev61-3.35.2.noarch", }, product_reference: "python-nova-16.1.9~dev61-3.35.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-aodh-x86_64-5.1.1~dev7-12.24.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.24.1.noarch", }, product_reference: "venv-openstack-aodh-x86_64-5.1.1~dev7-12.24.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-barbican-x86_64-5.0.2~dev3-12.25.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.25.1.noarch", }, product_reference: "venv-openstack-barbican-x86_64-5.0.2~dev3-12.25.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.22.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.22.1.noarch", }, product_reference: "venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.22.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-cinder-x86_64-11.2.3~dev23-14.25.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev23-14.25.1.noarch", }, product_reference: "venv-openstack-cinder-x86_64-11.2.3~dev23-14.25.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-designate-x86_64-5.0.3~dev7-12.23.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.23.1.noarch", }, product_reference: "venv-openstack-designate-x86_64-5.0.3~dev7-12.23.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.20.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.20.1.noarch", }, product_reference: "venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.20.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-glance-x86_64-15.0.3~dev3-12.23.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.23.1.noarch", }, product_reference: "venv-openstack-glance-x86_64-15.0.3~dev3-12.23.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-heat-x86_64-9.0.8~dev22-12.25.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.25.1.noarch", }, product_reference: "venv-openstack-heat-x86_64-9.0.8~dev22-12.25.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-ironic-x86_64-9.1.8~dev8-12.25.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.25.1.noarch", }, product_reference: "venv-openstack-ironic-x86_64-9.1.8~dev8-12.25.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-keystone-x86_64-12.0.4~dev5-11.26.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev5-11.26.1.noarch", }, product_reference: "venv-openstack-keystone-x86_64-12.0.4~dev5-11.26.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.24.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.24.1.noarch", }, product_reference: "venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.24.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-manila-x86_64-5.1.1~dev5-12.29.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.29.1.noarch", }, product_reference: "venv-openstack-manila-x86_64-5.1.1~dev5-12.29.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.20.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.20.1.noarch", }, product_reference: "venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.20.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-murano-x86_64-4.0.2~dev2-12.20.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.20.1.noarch", }, product_reference: "venv-openstack-murano-x86_64-4.0.2~dev2-12.20.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-neutron-x86_64-11.0.9~dev63-13.28.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev63-13.28.1.noarch", }, product_reference: "venv-openstack-neutron-x86_64-11.0.9~dev63-13.28.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-nova-x86_64-16.1.9~dev61-11.26.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev61-11.26.1.noarch", }, product_reference: "venv-openstack-nova-x86_64-16.1.9~dev61-11.26.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-octavia-x86_64-1.0.6~dev3-12.25.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.25.1.noarch", }, product_reference: "venv-openstack-octavia-x86_64-1.0.6~dev3-12.25.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-sahara-x86_64-7.0.5~dev4-11.24.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.24.1.noarch", }, product_reference: "venv-openstack-sahara-x86_64-7.0.5~dev4-11.24.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-trove-x86_64-8.0.2~dev2-11.24.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.24.1.noarch", }, product_reference: "venv-openstack-trove-x86_64-8.0.2~dev2-11.24.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "zookeeper-server-3.4.10-3.6.1.noarch as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:zookeeper-server-3.4.10-3.6.1.noarch", }, product_reference: "zookeeper-server-3.4.10-3.6.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "crowbar-core-5.0+git.1585575551.16781d00d-3.38.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1585575551.16781d00d-3.38.1.x86_64", }, product_reference: "crowbar-core-5.0+git.1585575551.16781d00d-3.38.1.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "crowbar-core-branding-upstream-5.0+git.1585575551.16781d00d-3.38.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1585575551.16781d00d-3.38.1.x86_64", }, product_reference: "crowbar-core-branding-upstream-5.0+git.1585575551.16781d00d-3.38.1.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "crowbar-ha-5.0+git.1585316176.344190f-3.32.1.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:crowbar-ha-5.0+git.1585316176.344190f-3.32.1.noarch", }, product_reference: "crowbar-ha-5.0+git.1585316176.344190f-3.32.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "crowbar-openstack-5.0+git.1585304226.2164b7895-4.37.1.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1585304226.2164b7895-4.37.1.noarch", }, product_reference: "crowbar-openstack-5.0+git.1585304226.2164b7895-4.37.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "documentation-suse-openstack-cloud-deployment-8.20200319-1.23.1.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20200319-1.23.1.noarch", }, product_reference: "documentation-suse-openstack-cloud-deployment-8.20200319-1.23.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "documentation-suse-openstack-cloud-supplement-8.20200319-1.23.1.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20200319-1.23.1.noarch", }, product_reference: "documentation-suse-openstack-cloud-supplement-8.20200319-1.23.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "documentation-suse-openstack-cloud-upstream-admin-8.20200319-1.23.1.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20200319-1.23.1.noarch", }, product_reference: "documentation-suse-openstack-cloud-upstream-admin-8.20200319-1.23.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "documentation-suse-openstack-cloud-upstream-user-8.20200319-1.23.1.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20200319-1.23.1.noarch", }, product_reference: "documentation-suse-openstack-cloud-upstream-user-8.20200319-1.23.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "memcached-1.5.17-3.3.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:memcached-1.5.17-3.3.1.x86_64", }, product_reference: "memcached-1.5.17-3.3.1.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "openstack-manila-5.1.1~dev5-3.26.2.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", }, product_reference: "openstack-manila-5.1.1~dev5-3.26.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "openstack-manila-api-5.1.1~dev5-3.26.2.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", }, product_reference: "openstack-manila-api-5.1.1~dev5-3.26.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "openstack-manila-data-5.1.1~dev5-3.26.2.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", }, product_reference: "openstack-manila-data-5.1.1~dev5-3.26.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "openstack-manila-doc-5.1.1~dev5-3.26.1.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", }, product_reference: "openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", }, product_reference: "openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "openstack-manila-share-5.1.1~dev5-3.26.2.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", }, product_reference: "openstack-manila-share-5.1.1~dev5-3.26.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-11.0.9~dev63-3.30.2.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", }, product_reference: "openstack-neutron-11.0.9~dev63-3.30.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", }, product_reference: "openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", }, product_reference: "openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", }, product_reference: "openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", }, product_reference: "openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", }, product_reference: "openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", }, product_reference: "openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", }, product_reference: "openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", }, product_reference: "openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", }, product_reference: "openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-server-11.0.9~dev63-3.30.2.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", }, product_reference: "openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-16.1.9~dev61-3.35.2.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", }, product_reference: "openstack-nova-16.1.9~dev61-3.35.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-api-16.1.9~dev61-3.35.2.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", }, product_reference: "openstack-nova-api-16.1.9~dev61-3.35.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-cells-16.1.9~dev61-3.35.2.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", }, product_reference: "openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-compute-16.1.9~dev61-3.35.2.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", }, product_reference: "openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", }, product_reference: "openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-console-16.1.9~dev61-3.35.2.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", }, product_reference: "openstack-nova-console-16.1.9~dev61-3.35.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", }, product_reference: "openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-doc-16.1.9~dev61-3.35.1.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", }, product_reference: "openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", }, product_reference: "openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", }, product_reference: "openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", }, product_reference: "openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", }, product_reference: "openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", }, product_reference: "openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "python-amqp-2.4.2-3.9.1.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:python-amqp-2.4.2-3.9.1.noarch", }, product_reference: "python-amqp-2.4.2-3.9.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "python-manila-5.1.1~dev5-3.26.2.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:python-manila-5.1.1~dev5-3.26.2.noarch", }, product_reference: "python-manila-5.1.1~dev5-3.26.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "python-neutron-11.0.9~dev63-3.30.2.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev63-3.30.2.noarch", }, product_reference: "python-neutron-11.0.9~dev63-3.30.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "python-nova-16.1.9~dev61-3.35.2.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev61-3.35.2.noarch", }, product_reference: "python-nova-16.1.9~dev61-3.35.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "ruby2.1-rubygem-puma-2.16.0-3.6.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.6.1.x86_64", }, product_reference: "ruby2.1-rubygem-puma-2.16.0-3.6.1.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "zookeeper-server-3.4.10-3.6.1.noarch as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:zookeeper-server-3.4.10-3.6.1.noarch", }, product_reference: "zookeeper-server-3.4.10-3.6.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, ], }, vulnerabilities: [ { cve: "CVE-2017-5637", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-5637", }, ], notes: [ { category: "general", text: "Two four letter word commands \"wchp/wchc\" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests. Apache ZooKeeper thru version 3.4.9 and 3.5.2 suffer from this issue, fixed in 3.4.10, 3.5.3, and later.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1583432621.24fa60e-3.70.1.noarch", "HPE Helion OpenStack 8:ardana-barbican-8.0+git.1585152761.8ef3d61-4.33.1.noarch", "HPE Helion OpenStack 8:ardana-db-8.0+git.1583944923.03cca6c-3.31.1.noarch", "HPE Helion OpenStack 8:ardana-monasca-8.0+git.1583944894.38f023a-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1583944811.dc14403-3.19.1.noarch", "HPE Helion OpenStack 8:ardana-neutron-8.0+git.1584715262.e4ea620-3.39.1.noarch", "HPE Helion OpenStack 8:ardana-octavia-8.0+git.1585171918.418f5cf-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-tempest-8.0+git.1585311051.6ab5488-3.33.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:memcached-1.5.17-3.3.1.x86_64", "HPE Helion OpenStack 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "HPE Helion OpenStack 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:pdns-4.1.2-3.6.1.x86_64", "HPE Helion OpenStack 8:pdns-backend-mysql-4.1.2-3.6.1.x86_64", "HPE Helion OpenStack 8:python-amqp-2.4.2-3.9.1.noarch", "HPE Helion OpenStack 8:python-manila-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.22.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev23-14.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.23.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.23.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev5-11.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev63-13.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev61-11.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.24.1.noarch", "HPE Helion OpenStack 8:zookeeper-server-3.4.10-3.6.1.noarch", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1583432621.24fa60e-3.70.1.noarch", "SUSE OpenStack Cloud 8:ardana-barbican-8.0+git.1585152761.8ef3d61-4.33.1.noarch", "SUSE OpenStack Cloud 8:ardana-db-8.0+git.1583944923.03cca6c-3.31.1.noarch", "SUSE OpenStack Cloud 8:ardana-monasca-8.0+git.1583944894.38f023a-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1583944811.dc14403-3.19.1.noarch", "SUSE OpenStack Cloud 8:ardana-neutron-8.0+git.1584715262.e4ea620-3.39.1.noarch", "SUSE OpenStack Cloud 8:ardana-octavia-8.0+git.1585171918.418f5cf-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-tempest-8.0+git.1585311051.6ab5488-3.33.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "SUSE OpenStack Cloud 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:pdns-4.1.2-3.6.1.x86_64", "SUSE OpenStack Cloud 8:pdns-backend-mysql-4.1.2-3.6.1.x86_64", "SUSE OpenStack Cloud 8:python-amqp-2.4.2-3.9.1.noarch", "SUSE OpenStack Cloud 8:python-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.22.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev23-14.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.23.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.23.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev5-11.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev63-13.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev61-11.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.24.1.noarch", "SUSE OpenStack Cloud 8:zookeeper-server-3.4.10-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1585575551.16781d00d-3.38.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1585575551.16781d00d-3.38.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-ha-5.0+git.1585316176.344190f-3.32.1.noarch", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1585304226.2164b7895-4.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-amqp-2.4.2-3.9.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:zookeeper-server-3.4.10-3.6.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2017-5637", url: "https://www.suse.com/security/cve/CVE-2017-5637", }, { category: "external", summary: "SUSE Bug 1040519 for CVE-2017-5637", url: "https://bugzilla.suse.com/1040519", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1583432621.24fa60e-3.70.1.noarch", "HPE Helion OpenStack 8:ardana-barbican-8.0+git.1585152761.8ef3d61-4.33.1.noarch", "HPE Helion OpenStack 8:ardana-db-8.0+git.1583944923.03cca6c-3.31.1.noarch", "HPE Helion OpenStack 8:ardana-monasca-8.0+git.1583944894.38f023a-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1583944811.dc14403-3.19.1.noarch", "HPE Helion OpenStack 8:ardana-neutron-8.0+git.1584715262.e4ea620-3.39.1.noarch", "HPE Helion OpenStack 8:ardana-octavia-8.0+git.1585171918.418f5cf-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-tempest-8.0+git.1585311051.6ab5488-3.33.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:memcached-1.5.17-3.3.1.x86_64", "HPE Helion OpenStack 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "HPE Helion OpenStack 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:pdns-4.1.2-3.6.1.x86_64", "HPE Helion OpenStack 8:pdns-backend-mysql-4.1.2-3.6.1.x86_64", "HPE Helion OpenStack 8:python-amqp-2.4.2-3.9.1.noarch", "HPE Helion OpenStack 8:python-manila-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.22.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev23-14.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.23.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.23.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev5-11.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev63-13.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev61-11.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.24.1.noarch", "HPE Helion OpenStack 8:zookeeper-server-3.4.10-3.6.1.noarch", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1583432621.24fa60e-3.70.1.noarch", "SUSE OpenStack Cloud 8:ardana-barbican-8.0+git.1585152761.8ef3d61-4.33.1.noarch", "SUSE OpenStack Cloud 8:ardana-db-8.0+git.1583944923.03cca6c-3.31.1.noarch", "SUSE OpenStack Cloud 8:ardana-monasca-8.0+git.1583944894.38f023a-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1583944811.dc14403-3.19.1.noarch", "SUSE OpenStack Cloud 8:ardana-neutron-8.0+git.1584715262.e4ea620-3.39.1.noarch", "SUSE OpenStack Cloud 8:ardana-octavia-8.0+git.1585171918.418f5cf-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-tempest-8.0+git.1585311051.6ab5488-3.33.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "SUSE OpenStack Cloud 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:pdns-4.1.2-3.6.1.x86_64", "SUSE OpenStack Cloud 8:pdns-backend-mysql-4.1.2-3.6.1.x86_64", "SUSE OpenStack Cloud 8:python-amqp-2.4.2-3.9.1.noarch", "SUSE OpenStack Cloud 8:python-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.22.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev23-14.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.23.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.23.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev5-11.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev63-13.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev61-11.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.24.1.noarch", "SUSE OpenStack Cloud 8:zookeeper-server-3.4.10-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1585575551.16781d00d-3.38.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1585575551.16781d00d-3.38.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-ha-5.0+git.1585316176.344190f-3.32.1.noarch", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1585304226.2164b7895-4.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-amqp-2.4.2-3.9.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:zookeeper-server-3.4.10-3.6.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1583432621.24fa60e-3.70.1.noarch", "HPE Helion OpenStack 8:ardana-barbican-8.0+git.1585152761.8ef3d61-4.33.1.noarch", "HPE Helion OpenStack 8:ardana-db-8.0+git.1583944923.03cca6c-3.31.1.noarch", "HPE Helion OpenStack 8:ardana-monasca-8.0+git.1583944894.38f023a-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1583944811.dc14403-3.19.1.noarch", "HPE Helion OpenStack 8:ardana-neutron-8.0+git.1584715262.e4ea620-3.39.1.noarch", "HPE Helion OpenStack 8:ardana-octavia-8.0+git.1585171918.418f5cf-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-tempest-8.0+git.1585311051.6ab5488-3.33.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:memcached-1.5.17-3.3.1.x86_64", "HPE Helion OpenStack 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "HPE Helion OpenStack 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:pdns-4.1.2-3.6.1.x86_64", "HPE Helion OpenStack 8:pdns-backend-mysql-4.1.2-3.6.1.x86_64", "HPE Helion OpenStack 8:python-amqp-2.4.2-3.9.1.noarch", "HPE Helion OpenStack 8:python-manila-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.22.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev23-14.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.23.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.23.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev5-11.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev63-13.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev61-11.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.24.1.noarch", "HPE Helion OpenStack 8:zookeeper-server-3.4.10-3.6.1.noarch", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1583432621.24fa60e-3.70.1.noarch", "SUSE OpenStack Cloud 8:ardana-barbican-8.0+git.1585152761.8ef3d61-4.33.1.noarch", "SUSE OpenStack Cloud 8:ardana-db-8.0+git.1583944923.03cca6c-3.31.1.noarch", "SUSE OpenStack Cloud 8:ardana-monasca-8.0+git.1583944894.38f023a-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1583944811.dc14403-3.19.1.noarch", "SUSE OpenStack Cloud 8:ardana-neutron-8.0+git.1584715262.e4ea620-3.39.1.noarch", "SUSE OpenStack Cloud 8:ardana-octavia-8.0+git.1585171918.418f5cf-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-tempest-8.0+git.1585311051.6ab5488-3.33.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "SUSE OpenStack Cloud 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:pdns-4.1.2-3.6.1.x86_64", "SUSE OpenStack Cloud 8:pdns-backend-mysql-4.1.2-3.6.1.x86_64", "SUSE OpenStack Cloud 8:python-amqp-2.4.2-3.9.1.noarch", "SUSE OpenStack Cloud 8:python-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.22.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev23-14.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.23.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.23.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev5-11.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev63-13.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev61-11.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.24.1.noarch", "SUSE OpenStack Cloud 8:zookeeper-server-3.4.10-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1585575551.16781d00d-3.38.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1585575551.16781d00d-3.38.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-ha-5.0+git.1585316176.344190f-3.32.1.noarch", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1585304226.2164b7895-4.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-amqp-2.4.2-3.9.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:zookeeper-server-3.4.10-3.6.1.noarch", ], }, ], threats: [ { category: "impact", date: "2020-04-22T12:41:50Z", details: "important", }, ], title: "CVE-2017-5637", }, { cve: "CVE-2018-10851", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-10851", }, ], notes: [ { category: "general", text: "PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4.0.6, and PowerDNS Recursor 3.2 up to 4.1.4 excluding 4.1.5 and 4.0.9, are vulnerable to a memory leak while parsing malformed records that can lead to remote denial of service.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1583432621.24fa60e-3.70.1.noarch", "HPE Helion OpenStack 8:ardana-barbican-8.0+git.1585152761.8ef3d61-4.33.1.noarch", "HPE Helion OpenStack 8:ardana-db-8.0+git.1583944923.03cca6c-3.31.1.noarch", "HPE Helion OpenStack 8:ardana-monasca-8.0+git.1583944894.38f023a-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1583944811.dc14403-3.19.1.noarch", "HPE Helion OpenStack 8:ardana-neutron-8.0+git.1584715262.e4ea620-3.39.1.noarch", "HPE Helion OpenStack 8:ardana-octavia-8.0+git.1585171918.418f5cf-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-tempest-8.0+git.1585311051.6ab5488-3.33.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:memcached-1.5.17-3.3.1.x86_64", "HPE Helion OpenStack 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "HPE Helion OpenStack 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:pdns-4.1.2-3.6.1.x86_64", "HPE Helion OpenStack 8:pdns-backend-mysql-4.1.2-3.6.1.x86_64", "HPE Helion OpenStack 8:python-amqp-2.4.2-3.9.1.noarch", "HPE Helion OpenStack 8:python-manila-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.22.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev23-14.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.23.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.23.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev5-11.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev63-13.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev61-11.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.24.1.noarch", "HPE Helion OpenStack 8:zookeeper-server-3.4.10-3.6.1.noarch", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1583432621.24fa60e-3.70.1.noarch", "SUSE OpenStack Cloud 8:ardana-barbican-8.0+git.1585152761.8ef3d61-4.33.1.noarch", "SUSE OpenStack Cloud 8:ardana-db-8.0+git.1583944923.03cca6c-3.31.1.noarch", "SUSE OpenStack Cloud 8:ardana-monasca-8.0+git.1583944894.38f023a-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1583944811.dc14403-3.19.1.noarch", "SUSE OpenStack Cloud 8:ardana-neutron-8.0+git.1584715262.e4ea620-3.39.1.noarch", "SUSE OpenStack Cloud 8:ardana-octavia-8.0+git.1585171918.418f5cf-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-tempest-8.0+git.1585311051.6ab5488-3.33.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "SUSE OpenStack Cloud 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:pdns-4.1.2-3.6.1.x86_64", "SUSE OpenStack Cloud 8:pdns-backend-mysql-4.1.2-3.6.1.x86_64", "SUSE OpenStack Cloud 8:python-amqp-2.4.2-3.9.1.noarch", "SUSE OpenStack Cloud 8:python-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.22.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev23-14.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.23.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.23.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev5-11.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev63-13.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev61-11.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.24.1.noarch", "SUSE OpenStack Cloud 8:zookeeper-server-3.4.10-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1585575551.16781d00d-3.38.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1585575551.16781d00d-3.38.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-ha-5.0+git.1585316176.344190f-3.32.1.noarch", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1585304226.2164b7895-4.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-amqp-2.4.2-3.9.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:zookeeper-server-3.4.10-3.6.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2018-10851", url: "https://www.suse.com/security/cve/CVE-2018-10851", }, { category: "external", summary: "SUSE Bug 1114157 for CVE-2018-10851", url: "https://bugzilla.suse.com/1114157", }, { category: "external", summary: "SUSE Bug 1114169 for CVE-2018-10851", url: "https://bugzilla.suse.com/1114169", }, { category: "external", summary: "SUSE Bug 1114170 for CVE-2018-10851", url: "https://bugzilla.suse.com/1114170", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1583432621.24fa60e-3.70.1.noarch", "HPE Helion OpenStack 8:ardana-barbican-8.0+git.1585152761.8ef3d61-4.33.1.noarch", "HPE Helion OpenStack 8:ardana-db-8.0+git.1583944923.03cca6c-3.31.1.noarch", "HPE Helion OpenStack 8:ardana-monasca-8.0+git.1583944894.38f023a-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1583944811.dc14403-3.19.1.noarch", "HPE Helion OpenStack 8:ardana-neutron-8.0+git.1584715262.e4ea620-3.39.1.noarch", "HPE Helion OpenStack 8:ardana-octavia-8.0+git.1585171918.418f5cf-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-tempest-8.0+git.1585311051.6ab5488-3.33.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:memcached-1.5.17-3.3.1.x86_64", "HPE Helion OpenStack 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "HPE Helion OpenStack 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:pdns-4.1.2-3.6.1.x86_64", "HPE Helion OpenStack 8:pdns-backend-mysql-4.1.2-3.6.1.x86_64", "HPE Helion OpenStack 8:python-amqp-2.4.2-3.9.1.noarch", "HPE Helion OpenStack 8:python-manila-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.22.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev23-14.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.23.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.23.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev5-11.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev63-13.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev61-11.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.24.1.noarch", "HPE Helion OpenStack 8:zookeeper-server-3.4.10-3.6.1.noarch", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1583432621.24fa60e-3.70.1.noarch", "SUSE OpenStack Cloud 8:ardana-barbican-8.0+git.1585152761.8ef3d61-4.33.1.noarch", "SUSE OpenStack Cloud 8:ardana-db-8.0+git.1583944923.03cca6c-3.31.1.noarch", "SUSE OpenStack Cloud 8:ardana-monasca-8.0+git.1583944894.38f023a-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1583944811.dc14403-3.19.1.noarch", "SUSE OpenStack Cloud 8:ardana-neutron-8.0+git.1584715262.e4ea620-3.39.1.noarch", "SUSE OpenStack Cloud 8:ardana-octavia-8.0+git.1585171918.418f5cf-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-tempest-8.0+git.1585311051.6ab5488-3.33.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "SUSE OpenStack Cloud 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:pdns-4.1.2-3.6.1.x86_64", "SUSE OpenStack Cloud 8:pdns-backend-mysql-4.1.2-3.6.1.x86_64", "SUSE OpenStack Cloud 8:python-amqp-2.4.2-3.9.1.noarch", "SUSE OpenStack Cloud 8:python-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.22.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev23-14.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.23.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.23.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev5-11.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev63-13.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev61-11.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.24.1.noarch", "SUSE OpenStack Cloud 8:zookeeper-server-3.4.10-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1585575551.16781d00d-3.38.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1585575551.16781d00d-3.38.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-ha-5.0+git.1585316176.344190f-3.32.1.noarch", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1585304226.2164b7895-4.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-amqp-2.4.2-3.9.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:zookeeper-server-3.4.10-3.6.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1583432621.24fa60e-3.70.1.noarch", "HPE Helion OpenStack 8:ardana-barbican-8.0+git.1585152761.8ef3d61-4.33.1.noarch", "HPE Helion OpenStack 8:ardana-db-8.0+git.1583944923.03cca6c-3.31.1.noarch", "HPE Helion OpenStack 8:ardana-monasca-8.0+git.1583944894.38f023a-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1583944811.dc14403-3.19.1.noarch", "HPE Helion OpenStack 8:ardana-neutron-8.0+git.1584715262.e4ea620-3.39.1.noarch", "HPE Helion OpenStack 8:ardana-octavia-8.0+git.1585171918.418f5cf-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-tempest-8.0+git.1585311051.6ab5488-3.33.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:memcached-1.5.17-3.3.1.x86_64", "HPE Helion OpenStack 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "HPE Helion OpenStack 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:pdns-4.1.2-3.6.1.x86_64", "HPE Helion OpenStack 8:pdns-backend-mysql-4.1.2-3.6.1.x86_64", "HPE Helion OpenStack 8:python-amqp-2.4.2-3.9.1.noarch", "HPE Helion OpenStack 8:python-manila-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.22.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev23-14.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.23.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.23.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev5-11.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev63-13.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev61-11.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.24.1.noarch", "HPE Helion OpenStack 8:zookeeper-server-3.4.10-3.6.1.noarch", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1583432621.24fa60e-3.70.1.noarch", "SUSE OpenStack Cloud 8:ardana-barbican-8.0+git.1585152761.8ef3d61-4.33.1.noarch", "SUSE OpenStack Cloud 8:ardana-db-8.0+git.1583944923.03cca6c-3.31.1.noarch", "SUSE OpenStack Cloud 8:ardana-monasca-8.0+git.1583944894.38f023a-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1583944811.dc14403-3.19.1.noarch", "SUSE OpenStack Cloud 8:ardana-neutron-8.0+git.1584715262.e4ea620-3.39.1.noarch", "SUSE OpenStack Cloud 8:ardana-octavia-8.0+git.1585171918.418f5cf-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-tempest-8.0+git.1585311051.6ab5488-3.33.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "SUSE OpenStack Cloud 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:pdns-4.1.2-3.6.1.x86_64", "SUSE OpenStack Cloud 8:pdns-backend-mysql-4.1.2-3.6.1.x86_64", "SUSE OpenStack Cloud 8:python-amqp-2.4.2-3.9.1.noarch", "SUSE OpenStack Cloud 8:python-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.22.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev23-14.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.23.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.23.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev5-11.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev63-13.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev61-11.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.24.1.noarch", "SUSE OpenStack Cloud 8:zookeeper-server-3.4.10-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1585575551.16781d00d-3.38.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1585575551.16781d00d-3.38.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-ha-5.0+git.1585316176.344190f-3.32.1.noarch", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1585304226.2164b7895-4.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-amqp-2.4.2-3.9.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:zookeeper-server-3.4.10-3.6.1.noarch", ], }, ], threats: [ { category: "impact", date: "2020-04-22T12:41:50Z", details: "moderate", }, ], title: "CVE-2018-10851", }, { cve: "CVE-2018-14626", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14626", }, ], notes: [ { category: "general", text: "PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and PowerDNS Recursor 4.0.0 up to 4.1.4 inclusive are vulnerable to a packet cache pollution via crafted query that can lead to denial of service.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1583432621.24fa60e-3.70.1.noarch", "HPE Helion OpenStack 8:ardana-barbican-8.0+git.1585152761.8ef3d61-4.33.1.noarch", "HPE Helion OpenStack 8:ardana-db-8.0+git.1583944923.03cca6c-3.31.1.noarch", "HPE Helion OpenStack 8:ardana-monasca-8.0+git.1583944894.38f023a-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1583944811.dc14403-3.19.1.noarch", "HPE Helion OpenStack 8:ardana-neutron-8.0+git.1584715262.e4ea620-3.39.1.noarch", "HPE Helion OpenStack 8:ardana-octavia-8.0+git.1585171918.418f5cf-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-tempest-8.0+git.1585311051.6ab5488-3.33.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:memcached-1.5.17-3.3.1.x86_64", "HPE Helion OpenStack 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "HPE Helion OpenStack 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:pdns-4.1.2-3.6.1.x86_64", "HPE Helion OpenStack 8:pdns-backend-mysql-4.1.2-3.6.1.x86_64", "HPE Helion OpenStack 8:python-amqp-2.4.2-3.9.1.noarch", "HPE Helion OpenStack 8:python-manila-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.22.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev23-14.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.23.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.23.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev5-11.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev63-13.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev61-11.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.24.1.noarch", "HPE Helion OpenStack 8:zookeeper-server-3.4.10-3.6.1.noarch", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1583432621.24fa60e-3.70.1.noarch", "SUSE OpenStack Cloud 8:ardana-barbican-8.0+git.1585152761.8ef3d61-4.33.1.noarch", "SUSE OpenStack Cloud 8:ardana-db-8.0+git.1583944923.03cca6c-3.31.1.noarch", "SUSE OpenStack Cloud 8:ardana-monasca-8.0+git.1583944894.38f023a-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1583944811.dc14403-3.19.1.noarch", "SUSE OpenStack Cloud 8:ardana-neutron-8.0+git.1584715262.e4ea620-3.39.1.noarch", "SUSE OpenStack Cloud 8:ardana-octavia-8.0+git.1585171918.418f5cf-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-tempest-8.0+git.1585311051.6ab5488-3.33.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "SUSE OpenStack Cloud 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:pdns-4.1.2-3.6.1.x86_64", "SUSE OpenStack Cloud 8:pdns-backend-mysql-4.1.2-3.6.1.x86_64", "SUSE OpenStack Cloud 8:python-amqp-2.4.2-3.9.1.noarch", "SUSE OpenStack Cloud 8:python-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.22.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev23-14.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.23.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.23.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev5-11.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev63-13.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev61-11.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.24.1.noarch", "SUSE OpenStack Cloud 8:zookeeper-server-3.4.10-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1585575551.16781d00d-3.38.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1585575551.16781d00d-3.38.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-ha-5.0+git.1585316176.344190f-3.32.1.noarch", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1585304226.2164b7895-4.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-amqp-2.4.2-3.9.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:zookeeper-server-3.4.10-3.6.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2018-14626", url: "https://www.suse.com/security/cve/CVE-2018-14626", }, { category: "external", summary: "SUSE Bug 1114157 for CVE-2018-14626", url: "https://bugzilla.suse.com/1114157", }, { category: "external", summary: "SUSE Bug 1114169 for CVE-2018-14626", url: "https://bugzilla.suse.com/1114169", }, { category: "external", summary: "SUSE Bug 1114170 for CVE-2018-14626", url: "https://bugzilla.suse.com/1114170", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1583432621.24fa60e-3.70.1.noarch", "HPE Helion OpenStack 8:ardana-barbican-8.0+git.1585152761.8ef3d61-4.33.1.noarch", "HPE Helion OpenStack 8:ardana-db-8.0+git.1583944923.03cca6c-3.31.1.noarch", "HPE Helion OpenStack 8:ardana-monasca-8.0+git.1583944894.38f023a-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1583944811.dc14403-3.19.1.noarch", "HPE Helion OpenStack 8:ardana-neutron-8.0+git.1584715262.e4ea620-3.39.1.noarch", "HPE Helion OpenStack 8:ardana-octavia-8.0+git.1585171918.418f5cf-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-tempest-8.0+git.1585311051.6ab5488-3.33.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:memcached-1.5.17-3.3.1.x86_64", "HPE Helion OpenStack 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "HPE Helion OpenStack 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:pdns-4.1.2-3.6.1.x86_64", "HPE Helion OpenStack 8:pdns-backend-mysql-4.1.2-3.6.1.x86_64", "HPE Helion OpenStack 8:python-amqp-2.4.2-3.9.1.noarch", "HPE Helion OpenStack 8:python-manila-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.22.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev23-14.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.23.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.23.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev5-11.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev63-13.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev61-11.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.24.1.noarch", "HPE Helion OpenStack 8:zookeeper-server-3.4.10-3.6.1.noarch", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1583432621.24fa60e-3.70.1.noarch", "SUSE OpenStack Cloud 8:ardana-barbican-8.0+git.1585152761.8ef3d61-4.33.1.noarch", "SUSE OpenStack Cloud 8:ardana-db-8.0+git.1583944923.03cca6c-3.31.1.noarch", "SUSE OpenStack Cloud 8:ardana-monasca-8.0+git.1583944894.38f023a-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1583944811.dc14403-3.19.1.noarch", "SUSE OpenStack Cloud 8:ardana-neutron-8.0+git.1584715262.e4ea620-3.39.1.noarch", "SUSE OpenStack Cloud 8:ardana-octavia-8.0+git.1585171918.418f5cf-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-tempest-8.0+git.1585311051.6ab5488-3.33.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "SUSE OpenStack Cloud 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:pdns-4.1.2-3.6.1.x86_64", "SUSE OpenStack Cloud 8:pdns-backend-mysql-4.1.2-3.6.1.x86_64", "SUSE OpenStack Cloud 8:python-amqp-2.4.2-3.9.1.noarch", "SUSE OpenStack Cloud 8:python-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.22.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev23-14.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.23.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.23.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev5-11.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev63-13.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev61-11.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.24.1.noarch", "SUSE OpenStack Cloud 8:zookeeper-server-3.4.10-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1585575551.16781d00d-3.38.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1585575551.16781d00d-3.38.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-ha-5.0+git.1585316176.344190f-3.32.1.noarch", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1585304226.2164b7895-4.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-amqp-2.4.2-3.9.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:zookeeper-server-3.4.10-3.6.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1583432621.24fa60e-3.70.1.noarch", "HPE Helion OpenStack 8:ardana-barbican-8.0+git.1585152761.8ef3d61-4.33.1.noarch", "HPE Helion OpenStack 8:ardana-db-8.0+git.1583944923.03cca6c-3.31.1.noarch", "HPE Helion OpenStack 8:ardana-monasca-8.0+git.1583944894.38f023a-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1583944811.dc14403-3.19.1.noarch", "HPE Helion OpenStack 8:ardana-neutron-8.0+git.1584715262.e4ea620-3.39.1.noarch", "HPE Helion OpenStack 8:ardana-octavia-8.0+git.1585171918.418f5cf-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-tempest-8.0+git.1585311051.6ab5488-3.33.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:memcached-1.5.17-3.3.1.x86_64", "HPE Helion OpenStack 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "HPE Helion OpenStack 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:pdns-4.1.2-3.6.1.x86_64", "HPE Helion OpenStack 8:pdns-backend-mysql-4.1.2-3.6.1.x86_64", "HPE Helion OpenStack 8:python-amqp-2.4.2-3.9.1.noarch", "HPE Helion OpenStack 8:python-manila-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.22.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev23-14.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.23.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.23.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev5-11.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev63-13.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev61-11.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.24.1.noarch", "HPE Helion OpenStack 8:zookeeper-server-3.4.10-3.6.1.noarch", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1583432621.24fa60e-3.70.1.noarch", "SUSE OpenStack Cloud 8:ardana-barbican-8.0+git.1585152761.8ef3d61-4.33.1.noarch", "SUSE OpenStack Cloud 8:ardana-db-8.0+git.1583944923.03cca6c-3.31.1.noarch", "SUSE OpenStack Cloud 8:ardana-monasca-8.0+git.1583944894.38f023a-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1583944811.dc14403-3.19.1.noarch", "SUSE OpenStack Cloud 8:ardana-neutron-8.0+git.1584715262.e4ea620-3.39.1.noarch", "SUSE OpenStack Cloud 8:ardana-octavia-8.0+git.1585171918.418f5cf-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-tempest-8.0+git.1585311051.6ab5488-3.33.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "SUSE OpenStack Cloud 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:pdns-4.1.2-3.6.1.x86_64", "SUSE OpenStack Cloud 8:pdns-backend-mysql-4.1.2-3.6.1.x86_64", "SUSE OpenStack Cloud 8:python-amqp-2.4.2-3.9.1.noarch", "SUSE OpenStack Cloud 8:python-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.22.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev23-14.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.23.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.23.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev5-11.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev63-13.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev61-11.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.24.1.noarch", "SUSE OpenStack Cloud 8:zookeeper-server-3.4.10-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1585575551.16781d00d-3.38.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1585575551.16781d00d-3.38.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-ha-5.0+git.1585316176.344190f-3.32.1.noarch", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1585304226.2164b7895-4.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-amqp-2.4.2-3.9.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:zookeeper-server-3.4.10-3.6.1.noarch", ], }, ], threats: [ { category: "impact", date: "2020-04-22T12:41:50Z", details: "moderate", }, ], title: "CVE-2018-14626", }, { cve: "CVE-2019-0201", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-0201", }, ], notes: [ { category: "general", text: "An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper's getACL() command doesn't check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. DigestAuthenticationProvider overloads the Id field with the hash value that is used for user authentication. As a consequence, if Digest Authentication is in use, the unsalted hash value will be disclosed by getACL() request for unauthenticated or unprivileged users.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1583432621.24fa60e-3.70.1.noarch", "HPE Helion OpenStack 8:ardana-barbican-8.0+git.1585152761.8ef3d61-4.33.1.noarch", "HPE Helion OpenStack 8:ardana-db-8.0+git.1583944923.03cca6c-3.31.1.noarch", "HPE Helion OpenStack 8:ardana-monasca-8.0+git.1583944894.38f023a-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1583944811.dc14403-3.19.1.noarch", "HPE Helion OpenStack 8:ardana-neutron-8.0+git.1584715262.e4ea620-3.39.1.noarch", "HPE Helion OpenStack 8:ardana-octavia-8.0+git.1585171918.418f5cf-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-tempest-8.0+git.1585311051.6ab5488-3.33.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:memcached-1.5.17-3.3.1.x86_64", "HPE Helion OpenStack 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "HPE Helion OpenStack 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:pdns-4.1.2-3.6.1.x86_64", "HPE Helion OpenStack 8:pdns-backend-mysql-4.1.2-3.6.1.x86_64", "HPE Helion OpenStack 8:python-amqp-2.4.2-3.9.1.noarch", "HPE Helion OpenStack 8:python-manila-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.22.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev23-14.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.23.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.23.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev5-11.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev63-13.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev61-11.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.24.1.noarch", "HPE Helion OpenStack 8:zookeeper-server-3.4.10-3.6.1.noarch", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1583432621.24fa60e-3.70.1.noarch", "SUSE OpenStack Cloud 8:ardana-barbican-8.0+git.1585152761.8ef3d61-4.33.1.noarch", "SUSE OpenStack Cloud 8:ardana-db-8.0+git.1583944923.03cca6c-3.31.1.noarch", "SUSE OpenStack Cloud 8:ardana-monasca-8.0+git.1583944894.38f023a-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1583944811.dc14403-3.19.1.noarch", "SUSE OpenStack Cloud 8:ardana-neutron-8.0+git.1584715262.e4ea620-3.39.1.noarch", "SUSE OpenStack Cloud 8:ardana-octavia-8.0+git.1585171918.418f5cf-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-tempest-8.0+git.1585311051.6ab5488-3.33.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "SUSE OpenStack Cloud 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:pdns-4.1.2-3.6.1.x86_64", "SUSE OpenStack Cloud 8:pdns-backend-mysql-4.1.2-3.6.1.x86_64", "SUSE OpenStack Cloud 8:python-amqp-2.4.2-3.9.1.noarch", "SUSE OpenStack Cloud 8:python-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.22.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev23-14.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.23.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.23.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev5-11.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev63-13.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev61-11.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.24.1.noarch", "SUSE OpenStack Cloud 8:zookeeper-server-3.4.10-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1585575551.16781d00d-3.38.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1585575551.16781d00d-3.38.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-ha-5.0+git.1585316176.344190f-3.32.1.noarch", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1585304226.2164b7895-4.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-amqp-2.4.2-3.9.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:zookeeper-server-3.4.10-3.6.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2019-0201", url: "https://www.suse.com/security/cve/CVE-2019-0201", }, { category: "external", summary: "SUSE Bug 1135773 for CVE-2019-0201", url: "https://bugzilla.suse.com/1135773", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1583432621.24fa60e-3.70.1.noarch", "HPE Helion OpenStack 8:ardana-barbican-8.0+git.1585152761.8ef3d61-4.33.1.noarch", "HPE Helion OpenStack 8:ardana-db-8.0+git.1583944923.03cca6c-3.31.1.noarch", "HPE Helion OpenStack 8:ardana-monasca-8.0+git.1583944894.38f023a-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1583944811.dc14403-3.19.1.noarch", "HPE Helion OpenStack 8:ardana-neutron-8.0+git.1584715262.e4ea620-3.39.1.noarch", "HPE Helion OpenStack 8:ardana-octavia-8.0+git.1585171918.418f5cf-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-tempest-8.0+git.1585311051.6ab5488-3.33.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:memcached-1.5.17-3.3.1.x86_64", "HPE Helion OpenStack 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "HPE Helion OpenStack 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:pdns-4.1.2-3.6.1.x86_64", "HPE Helion OpenStack 8:pdns-backend-mysql-4.1.2-3.6.1.x86_64", "HPE Helion OpenStack 8:python-amqp-2.4.2-3.9.1.noarch", "HPE Helion OpenStack 8:python-manila-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.22.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev23-14.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.23.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.23.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev5-11.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev63-13.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev61-11.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.24.1.noarch", "HPE Helion OpenStack 8:zookeeper-server-3.4.10-3.6.1.noarch", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1583432621.24fa60e-3.70.1.noarch", "SUSE OpenStack Cloud 8:ardana-barbican-8.0+git.1585152761.8ef3d61-4.33.1.noarch", "SUSE OpenStack Cloud 8:ardana-db-8.0+git.1583944923.03cca6c-3.31.1.noarch", "SUSE OpenStack Cloud 8:ardana-monasca-8.0+git.1583944894.38f023a-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1583944811.dc14403-3.19.1.noarch", "SUSE OpenStack Cloud 8:ardana-neutron-8.0+git.1584715262.e4ea620-3.39.1.noarch", "SUSE OpenStack Cloud 8:ardana-octavia-8.0+git.1585171918.418f5cf-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-tempest-8.0+git.1585311051.6ab5488-3.33.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "SUSE OpenStack Cloud 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:pdns-4.1.2-3.6.1.x86_64", "SUSE OpenStack Cloud 8:pdns-backend-mysql-4.1.2-3.6.1.x86_64", "SUSE OpenStack Cloud 8:python-amqp-2.4.2-3.9.1.noarch", "SUSE OpenStack Cloud 8:python-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.22.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev23-14.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.23.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.23.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev5-11.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev63-13.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev61-11.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.24.1.noarch", "SUSE OpenStack Cloud 8:zookeeper-server-3.4.10-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1585575551.16781d00d-3.38.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1585575551.16781d00d-3.38.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-ha-5.0+git.1585316176.344190f-3.32.1.noarch", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1585304226.2164b7895-4.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-amqp-2.4.2-3.9.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:zookeeper-server-3.4.10-3.6.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1583432621.24fa60e-3.70.1.noarch", "HPE Helion OpenStack 8:ardana-barbican-8.0+git.1585152761.8ef3d61-4.33.1.noarch", "HPE Helion OpenStack 8:ardana-db-8.0+git.1583944923.03cca6c-3.31.1.noarch", "HPE Helion OpenStack 8:ardana-monasca-8.0+git.1583944894.38f023a-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1583944811.dc14403-3.19.1.noarch", "HPE Helion OpenStack 8:ardana-neutron-8.0+git.1584715262.e4ea620-3.39.1.noarch", "HPE Helion OpenStack 8:ardana-octavia-8.0+git.1585171918.418f5cf-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-tempest-8.0+git.1585311051.6ab5488-3.33.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:memcached-1.5.17-3.3.1.x86_64", "HPE Helion OpenStack 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "HPE Helion OpenStack 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:pdns-4.1.2-3.6.1.x86_64", "HPE Helion OpenStack 8:pdns-backend-mysql-4.1.2-3.6.1.x86_64", "HPE Helion OpenStack 8:python-amqp-2.4.2-3.9.1.noarch", "HPE Helion OpenStack 8:python-manila-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.22.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev23-14.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.23.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.23.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev5-11.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev63-13.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev61-11.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.24.1.noarch", "HPE Helion OpenStack 8:zookeeper-server-3.4.10-3.6.1.noarch", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1583432621.24fa60e-3.70.1.noarch", "SUSE OpenStack Cloud 8:ardana-barbican-8.0+git.1585152761.8ef3d61-4.33.1.noarch", "SUSE OpenStack Cloud 8:ardana-db-8.0+git.1583944923.03cca6c-3.31.1.noarch", "SUSE OpenStack Cloud 8:ardana-monasca-8.0+git.1583944894.38f023a-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1583944811.dc14403-3.19.1.noarch", "SUSE OpenStack Cloud 8:ardana-neutron-8.0+git.1584715262.e4ea620-3.39.1.noarch", "SUSE OpenStack Cloud 8:ardana-octavia-8.0+git.1585171918.418f5cf-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-tempest-8.0+git.1585311051.6ab5488-3.33.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "SUSE OpenStack Cloud 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:pdns-4.1.2-3.6.1.x86_64", "SUSE OpenStack Cloud 8:pdns-backend-mysql-4.1.2-3.6.1.x86_64", "SUSE OpenStack Cloud 8:python-amqp-2.4.2-3.9.1.noarch", "SUSE OpenStack Cloud 8:python-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.22.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev23-14.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.23.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.23.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev5-11.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev63-13.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev61-11.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.24.1.noarch", "SUSE OpenStack Cloud 8:zookeeper-server-3.4.10-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1585575551.16781d00d-3.38.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1585575551.16781d00d-3.38.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-ha-5.0+git.1585316176.344190f-3.32.1.noarch", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1585304226.2164b7895-4.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-amqp-2.4.2-3.9.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:zookeeper-server-3.4.10-3.6.1.noarch", ], }, ], threats: [ { category: "impact", date: "2020-04-22T12:41:50Z", details: "important", }, ], title: "CVE-2019-0201", }, { cve: "CVE-2019-11596", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-11596", }, ], notes: [ { category: "general", text: "In memcached before 1.5.14, a NULL pointer dereference was found in the \"lru mode\" and \"lru temp_ttl\" commands. This causes a denial of service when parsing crafted lru command messages in process_lru_command in memcached.c.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1583432621.24fa60e-3.70.1.noarch", "HPE Helion OpenStack 8:ardana-barbican-8.0+git.1585152761.8ef3d61-4.33.1.noarch", "HPE Helion OpenStack 8:ardana-db-8.0+git.1583944923.03cca6c-3.31.1.noarch", "HPE Helion OpenStack 8:ardana-monasca-8.0+git.1583944894.38f023a-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1583944811.dc14403-3.19.1.noarch", "HPE Helion OpenStack 8:ardana-neutron-8.0+git.1584715262.e4ea620-3.39.1.noarch", "HPE Helion OpenStack 8:ardana-octavia-8.0+git.1585171918.418f5cf-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-tempest-8.0+git.1585311051.6ab5488-3.33.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:memcached-1.5.17-3.3.1.x86_64", "HPE Helion OpenStack 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "HPE Helion OpenStack 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:pdns-4.1.2-3.6.1.x86_64", "HPE Helion OpenStack 8:pdns-backend-mysql-4.1.2-3.6.1.x86_64", "HPE Helion OpenStack 8:python-amqp-2.4.2-3.9.1.noarch", "HPE Helion OpenStack 8:python-manila-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.22.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev23-14.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.23.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.23.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev5-11.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev63-13.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev61-11.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.24.1.noarch", "HPE Helion OpenStack 8:zookeeper-server-3.4.10-3.6.1.noarch", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1583432621.24fa60e-3.70.1.noarch", "SUSE OpenStack Cloud 8:ardana-barbican-8.0+git.1585152761.8ef3d61-4.33.1.noarch", "SUSE OpenStack Cloud 8:ardana-db-8.0+git.1583944923.03cca6c-3.31.1.noarch", "SUSE OpenStack Cloud 8:ardana-monasca-8.0+git.1583944894.38f023a-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1583944811.dc14403-3.19.1.noarch", "SUSE OpenStack Cloud 8:ardana-neutron-8.0+git.1584715262.e4ea620-3.39.1.noarch", "SUSE OpenStack Cloud 8:ardana-octavia-8.0+git.1585171918.418f5cf-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-tempest-8.0+git.1585311051.6ab5488-3.33.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "SUSE OpenStack Cloud 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:pdns-4.1.2-3.6.1.x86_64", "SUSE OpenStack Cloud 8:pdns-backend-mysql-4.1.2-3.6.1.x86_64", "SUSE OpenStack Cloud 8:python-amqp-2.4.2-3.9.1.noarch", "SUSE OpenStack Cloud 8:python-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.22.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev23-14.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.23.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.23.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev5-11.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev63-13.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev61-11.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.24.1.noarch", "SUSE OpenStack Cloud 8:zookeeper-server-3.4.10-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1585575551.16781d00d-3.38.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1585575551.16781d00d-3.38.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-ha-5.0+git.1585316176.344190f-3.32.1.noarch", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1585304226.2164b7895-4.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-amqp-2.4.2-3.9.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:zookeeper-server-3.4.10-3.6.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2019-11596", url: "https://www.suse.com/security/cve/CVE-2019-11596", }, { category: "external", summary: "SUSE Bug 1133817 for CVE-2019-11596", url: "https://bugzilla.suse.com/1133817", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1583432621.24fa60e-3.70.1.noarch", "HPE Helion OpenStack 8:ardana-barbican-8.0+git.1585152761.8ef3d61-4.33.1.noarch", "HPE Helion OpenStack 8:ardana-db-8.0+git.1583944923.03cca6c-3.31.1.noarch", "HPE Helion OpenStack 8:ardana-monasca-8.0+git.1583944894.38f023a-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1583944811.dc14403-3.19.1.noarch", "HPE Helion OpenStack 8:ardana-neutron-8.0+git.1584715262.e4ea620-3.39.1.noarch", "HPE Helion OpenStack 8:ardana-octavia-8.0+git.1585171918.418f5cf-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-tempest-8.0+git.1585311051.6ab5488-3.33.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:memcached-1.5.17-3.3.1.x86_64", "HPE Helion OpenStack 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "HPE Helion OpenStack 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:pdns-4.1.2-3.6.1.x86_64", "HPE Helion OpenStack 8:pdns-backend-mysql-4.1.2-3.6.1.x86_64", "HPE Helion OpenStack 8:python-amqp-2.4.2-3.9.1.noarch", "HPE Helion OpenStack 8:python-manila-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.22.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev23-14.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.23.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.23.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev5-11.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev63-13.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev61-11.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.24.1.noarch", "HPE Helion OpenStack 8:zookeeper-server-3.4.10-3.6.1.noarch", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1583432621.24fa60e-3.70.1.noarch", "SUSE OpenStack Cloud 8:ardana-barbican-8.0+git.1585152761.8ef3d61-4.33.1.noarch", "SUSE OpenStack Cloud 8:ardana-db-8.0+git.1583944923.03cca6c-3.31.1.noarch", "SUSE OpenStack Cloud 8:ardana-monasca-8.0+git.1583944894.38f023a-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1583944811.dc14403-3.19.1.noarch", "SUSE OpenStack Cloud 8:ardana-neutron-8.0+git.1584715262.e4ea620-3.39.1.noarch", "SUSE OpenStack Cloud 8:ardana-octavia-8.0+git.1585171918.418f5cf-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-tempest-8.0+git.1585311051.6ab5488-3.33.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "SUSE OpenStack Cloud 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:pdns-4.1.2-3.6.1.x86_64", "SUSE OpenStack Cloud 8:pdns-backend-mysql-4.1.2-3.6.1.x86_64", "SUSE OpenStack Cloud 8:python-amqp-2.4.2-3.9.1.noarch", "SUSE OpenStack Cloud 8:python-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.22.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev23-14.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.23.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.23.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev5-11.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev63-13.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev61-11.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.24.1.noarch", "SUSE OpenStack Cloud 8:zookeeper-server-3.4.10-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1585575551.16781d00d-3.38.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1585575551.16781d00d-3.38.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-ha-5.0+git.1585316176.344190f-3.32.1.noarch", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1585304226.2164b7895-4.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-amqp-2.4.2-3.9.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:zookeeper-server-3.4.10-3.6.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1583432621.24fa60e-3.70.1.noarch", "HPE Helion OpenStack 8:ardana-barbican-8.0+git.1585152761.8ef3d61-4.33.1.noarch", "HPE Helion OpenStack 8:ardana-db-8.0+git.1583944923.03cca6c-3.31.1.noarch", "HPE Helion OpenStack 8:ardana-monasca-8.0+git.1583944894.38f023a-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1583944811.dc14403-3.19.1.noarch", "HPE Helion OpenStack 8:ardana-neutron-8.0+git.1584715262.e4ea620-3.39.1.noarch", "HPE Helion OpenStack 8:ardana-octavia-8.0+git.1585171918.418f5cf-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-tempest-8.0+git.1585311051.6ab5488-3.33.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:memcached-1.5.17-3.3.1.x86_64", "HPE Helion OpenStack 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "HPE Helion OpenStack 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:pdns-4.1.2-3.6.1.x86_64", "HPE Helion OpenStack 8:pdns-backend-mysql-4.1.2-3.6.1.x86_64", "HPE Helion OpenStack 8:python-amqp-2.4.2-3.9.1.noarch", "HPE Helion OpenStack 8:python-manila-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.22.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev23-14.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.23.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.23.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev5-11.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev63-13.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev61-11.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.24.1.noarch", "HPE Helion OpenStack 8:zookeeper-server-3.4.10-3.6.1.noarch", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1583432621.24fa60e-3.70.1.noarch", "SUSE OpenStack Cloud 8:ardana-barbican-8.0+git.1585152761.8ef3d61-4.33.1.noarch", "SUSE OpenStack Cloud 8:ardana-db-8.0+git.1583944923.03cca6c-3.31.1.noarch", "SUSE OpenStack Cloud 8:ardana-monasca-8.0+git.1583944894.38f023a-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1583944811.dc14403-3.19.1.noarch", "SUSE OpenStack Cloud 8:ardana-neutron-8.0+git.1584715262.e4ea620-3.39.1.noarch", "SUSE OpenStack Cloud 8:ardana-octavia-8.0+git.1585171918.418f5cf-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-tempest-8.0+git.1585311051.6ab5488-3.33.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "SUSE OpenStack Cloud 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:pdns-4.1.2-3.6.1.x86_64", "SUSE OpenStack Cloud 8:pdns-backend-mysql-4.1.2-3.6.1.x86_64", "SUSE OpenStack Cloud 8:python-amqp-2.4.2-3.9.1.noarch", "SUSE OpenStack Cloud 8:python-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.22.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev23-14.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.23.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.23.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev5-11.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev63-13.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev61-11.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.24.1.noarch", "SUSE OpenStack Cloud 8:zookeeper-server-3.4.10-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1585575551.16781d00d-3.38.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1585575551.16781d00d-3.38.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-ha-5.0+git.1585316176.344190f-3.32.1.noarch", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1585304226.2164b7895-4.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-amqp-2.4.2-3.9.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:zookeeper-server-3.4.10-3.6.1.noarch", ], }, ], threats: [ { category: "impact", date: "2020-04-22T12:41:50Z", details: "important", }, ], title: "CVE-2019-11596", }, { cve: "CVE-2019-15026", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-15026", }, ], notes: [ { category: "general", text: "memcached 1.5.16, when UNIX sockets are used, has a stack-based buffer over-read in conn_to_str in memcached.c.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1583432621.24fa60e-3.70.1.noarch", "HPE Helion OpenStack 8:ardana-barbican-8.0+git.1585152761.8ef3d61-4.33.1.noarch", "HPE Helion OpenStack 8:ardana-db-8.0+git.1583944923.03cca6c-3.31.1.noarch", "HPE Helion OpenStack 8:ardana-monasca-8.0+git.1583944894.38f023a-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1583944811.dc14403-3.19.1.noarch", "HPE Helion OpenStack 8:ardana-neutron-8.0+git.1584715262.e4ea620-3.39.1.noarch", "HPE Helion OpenStack 8:ardana-octavia-8.0+git.1585171918.418f5cf-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-tempest-8.0+git.1585311051.6ab5488-3.33.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:memcached-1.5.17-3.3.1.x86_64", "HPE Helion OpenStack 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "HPE Helion OpenStack 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:pdns-4.1.2-3.6.1.x86_64", "HPE Helion OpenStack 8:pdns-backend-mysql-4.1.2-3.6.1.x86_64", "HPE Helion OpenStack 8:python-amqp-2.4.2-3.9.1.noarch", "HPE Helion OpenStack 8:python-manila-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.22.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev23-14.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.23.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.23.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev5-11.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev63-13.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev61-11.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.24.1.noarch", "HPE Helion OpenStack 8:zookeeper-server-3.4.10-3.6.1.noarch", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1583432621.24fa60e-3.70.1.noarch", "SUSE OpenStack Cloud 8:ardana-barbican-8.0+git.1585152761.8ef3d61-4.33.1.noarch", "SUSE OpenStack Cloud 8:ardana-db-8.0+git.1583944923.03cca6c-3.31.1.noarch", "SUSE OpenStack Cloud 8:ardana-monasca-8.0+git.1583944894.38f023a-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1583944811.dc14403-3.19.1.noarch", "SUSE OpenStack Cloud 8:ardana-neutron-8.0+git.1584715262.e4ea620-3.39.1.noarch", "SUSE OpenStack Cloud 8:ardana-octavia-8.0+git.1585171918.418f5cf-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-tempest-8.0+git.1585311051.6ab5488-3.33.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "SUSE OpenStack Cloud 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:pdns-4.1.2-3.6.1.x86_64", "SUSE OpenStack Cloud 8:pdns-backend-mysql-4.1.2-3.6.1.x86_64", "SUSE OpenStack Cloud 8:python-amqp-2.4.2-3.9.1.noarch", "SUSE OpenStack Cloud 8:python-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.22.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev23-14.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.23.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.23.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev5-11.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev63-13.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev61-11.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.24.1.noarch", "SUSE OpenStack Cloud 8:zookeeper-server-3.4.10-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1585575551.16781d00d-3.38.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1585575551.16781d00d-3.38.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-ha-5.0+git.1585316176.344190f-3.32.1.noarch", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1585304226.2164b7895-4.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-amqp-2.4.2-3.9.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:zookeeper-server-3.4.10-3.6.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2019-15026", url: "https://www.suse.com/security/cve/CVE-2019-15026", }, { category: "external", summary: "SUSE Bug 1149110 for CVE-2019-15026", url: "https://bugzilla.suse.com/1149110", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1583432621.24fa60e-3.70.1.noarch", "HPE Helion OpenStack 8:ardana-barbican-8.0+git.1585152761.8ef3d61-4.33.1.noarch", "HPE Helion OpenStack 8:ardana-db-8.0+git.1583944923.03cca6c-3.31.1.noarch", "HPE Helion OpenStack 8:ardana-monasca-8.0+git.1583944894.38f023a-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1583944811.dc14403-3.19.1.noarch", "HPE Helion OpenStack 8:ardana-neutron-8.0+git.1584715262.e4ea620-3.39.1.noarch", "HPE Helion OpenStack 8:ardana-octavia-8.0+git.1585171918.418f5cf-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-tempest-8.0+git.1585311051.6ab5488-3.33.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:memcached-1.5.17-3.3.1.x86_64", "HPE Helion OpenStack 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "HPE Helion OpenStack 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:pdns-4.1.2-3.6.1.x86_64", "HPE Helion OpenStack 8:pdns-backend-mysql-4.1.2-3.6.1.x86_64", "HPE Helion OpenStack 8:python-amqp-2.4.2-3.9.1.noarch", "HPE Helion OpenStack 8:python-manila-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.22.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev23-14.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.23.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.23.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev5-11.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev63-13.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev61-11.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.24.1.noarch", "HPE Helion OpenStack 8:zookeeper-server-3.4.10-3.6.1.noarch", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1583432621.24fa60e-3.70.1.noarch", "SUSE OpenStack Cloud 8:ardana-barbican-8.0+git.1585152761.8ef3d61-4.33.1.noarch", "SUSE OpenStack Cloud 8:ardana-db-8.0+git.1583944923.03cca6c-3.31.1.noarch", "SUSE OpenStack Cloud 8:ardana-monasca-8.0+git.1583944894.38f023a-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1583944811.dc14403-3.19.1.noarch", "SUSE OpenStack Cloud 8:ardana-neutron-8.0+git.1584715262.e4ea620-3.39.1.noarch", "SUSE OpenStack Cloud 8:ardana-octavia-8.0+git.1585171918.418f5cf-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-tempest-8.0+git.1585311051.6ab5488-3.33.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "SUSE OpenStack Cloud 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:pdns-4.1.2-3.6.1.x86_64", "SUSE OpenStack Cloud 8:pdns-backend-mysql-4.1.2-3.6.1.x86_64", "SUSE OpenStack Cloud 8:python-amqp-2.4.2-3.9.1.noarch", "SUSE OpenStack Cloud 8:python-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.22.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev23-14.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.23.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.23.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev5-11.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev63-13.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev61-11.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.24.1.noarch", "SUSE OpenStack Cloud 8:zookeeper-server-3.4.10-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1585575551.16781d00d-3.38.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1585575551.16781d00d-3.38.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-ha-5.0+git.1585316176.344190f-3.32.1.noarch", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1585304226.2164b7895-4.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-amqp-2.4.2-3.9.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:zookeeper-server-3.4.10-3.6.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", version: "3.0", }, products: [ "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1583432621.24fa60e-3.70.1.noarch", "HPE Helion OpenStack 8:ardana-barbican-8.0+git.1585152761.8ef3d61-4.33.1.noarch", "HPE Helion OpenStack 8:ardana-db-8.0+git.1583944923.03cca6c-3.31.1.noarch", "HPE Helion OpenStack 8:ardana-monasca-8.0+git.1583944894.38f023a-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1583944811.dc14403-3.19.1.noarch", "HPE Helion OpenStack 8:ardana-neutron-8.0+git.1584715262.e4ea620-3.39.1.noarch", "HPE Helion OpenStack 8:ardana-octavia-8.0+git.1585171918.418f5cf-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-tempest-8.0+git.1585311051.6ab5488-3.33.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:memcached-1.5.17-3.3.1.x86_64", "HPE Helion OpenStack 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "HPE Helion OpenStack 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:pdns-4.1.2-3.6.1.x86_64", "HPE Helion OpenStack 8:pdns-backend-mysql-4.1.2-3.6.1.x86_64", "HPE Helion OpenStack 8:python-amqp-2.4.2-3.9.1.noarch", "HPE Helion OpenStack 8:python-manila-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.22.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev23-14.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.23.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.23.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev5-11.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev63-13.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev61-11.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.24.1.noarch", "HPE Helion OpenStack 8:zookeeper-server-3.4.10-3.6.1.noarch", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1583432621.24fa60e-3.70.1.noarch", "SUSE OpenStack Cloud 8:ardana-barbican-8.0+git.1585152761.8ef3d61-4.33.1.noarch", "SUSE OpenStack Cloud 8:ardana-db-8.0+git.1583944923.03cca6c-3.31.1.noarch", "SUSE OpenStack Cloud 8:ardana-monasca-8.0+git.1583944894.38f023a-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1583944811.dc14403-3.19.1.noarch", "SUSE OpenStack Cloud 8:ardana-neutron-8.0+git.1584715262.e4ea620-3.39.1.noarch", "SUSE OpenStack Cloud 8:ardana-octavia-8.0+git.1585171918.418f5cf-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-tempest-8.0+git.1585311051.6ab5488-3.33.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "SUSE OpenStack Cloud 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:pdns-4.1.2-3.6.1.x86_64", "SUSE OpenStack Cloud 8:pdns-backend-mysql-4.1.2-3.6.1.x86_64", "SUSE OpenStack Cloud 8:python-amqp-2.4.2-3.9.1.noarch", "SUSE OpenStack Cloud 8:python-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.22.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev23-14.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.23.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.23.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev5-11.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev63-13.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev61-11.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.24.1.noarch", "SUSE OpenStack Cloud 8:zookeeper-server-3.4.10-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1585575551.16781d00d-3.38.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1585575551.16781d00d-3.38.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-ha-5.0+git.1585316176.344190f-3.32.1.noarch", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1585304226.2164b7895-4.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-amqp-2.4.2-3.9.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:zookeeper-server-3.4.10-3.6.1.noarch", ], }, ], threats: [ { category: "impact", date: "2020-04-22T12:41:50Z", details: "low", }, ], title: "CVE-2019-15026", }, { cve: "CVE-2019-3871", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-3871", }, ], notes: [ { category: "general", text: "A vulnerability was found in PowerDNS Authoritative Server before 4.0.7 and before 4.1.7. An insufficient validation of data coming from the user when building a HTTP request from a DNS query in the HTTP Connector of the Remote backend, allowing a remote user to cause a denial of service by making the server connect to an invalid endpoint, or possibly information disclosure by making the server connect to an internal endpoint and somehow extracting meaningful information about the response", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1583432621.24fa60e-3.70.1.noarch", "HPE Helion OpenStack 8:ardana-barbican-8.0+git.1585152761.8ef3d61-4.33.1.noarch", "HPE Helion OpenStack 8:ardana-db-8.0+git.1583944923.03cca6c-3.31.1.noarch", "HPE Helion OpenStack 8:ardana-monasca-8.0+git.1583944894.38f023a-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1583944811.dc14403-3.19.1.noarch", "HPE Helion OpenStack 8:ardana-neutron-8.0+git.1584715262.e4ea620-3.39.1.noarch", "HPE Helion OpenStack 8:ardana-octavia-8.0+git.1585171918.418f5cf-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-tempest-8.0+git.1585311051.6ab5488-3.33.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:memcached-1.5.17-3.3.1.x86_64", "HPE Helion OpenStack 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "HPE Helion OpenStack 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:pdns-4.1.2-3.6.1.x86_64", "HPE Helion OpenStack 8:pdns-backend-mysql-4.1.2-3.6.1.x86_64", "HPE Helion OpenStack 8:python-amqp-2.4.2-3.9.1.noarch", "HPE Helion OpenStack 8:python-manila-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.22.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev23-14.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.23.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.23.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev5-11.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev63-13.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev61-11.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.24.1.noarch", "HPE Helion OpenStack 8:zookeeper-server-3.4.10-3.6.1.noarch", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1583432621.24fa60e-3.70.1.noarch", "SUSE OpenStack Cloud 8:ardana-barbican-8.0+git.1585152761.8ef3d61-4.33.1.noarch", "SUSE OpenStack Cloud 8:ardana-db-8.0+git.1583944923.03cca6c-3.31.1.noarch", "SUSE OpenStack Cloud 8:ardana-monasca-8.0+git.1583944894.38f023a-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1583944811.dc14403-3.19.1.noarch", "SUSE OpenStack Cloud 8:ardana-neutron-8.0+git.1584715262.e4ea620-3.39.1.noarch", "SUSE OpenStack Cloud 8:ardana-octavia-8.0+git.1585171918.418f5cf-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-tempest-8.0+git.1585311051.6ab5488-3.33.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "SUSE OpenStack Cloud 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:pdns-4.1.2-3.6.1.x86_64", "SUSE OpenStack Cloud 8:pdns-backend-mysql-4.1.2-3.6.1.x86_64", "SUSE OpenStack Cloud 8:python-amqp-2.4.2-3.9.1.noarch", "SUSE OpenStack Cloud 8:python-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.22.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev23-14.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.23.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.23.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev5-11.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev63-13.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev61-11.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.24.1.noarch", "SUSE OpenStack Cloud 8:zookeeper-server-3.4.10-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1585575551.16781d00d-3.38.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1585575551.16781d00d-3.38.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-ha-5.0+git.1585316176.344190f-3.32.1.noarch", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1585304226.2164b7895-4.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-amqp-2.4.2-3.9.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:zookeeper-server-3.4.10-3.6.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2019-3871", url: "https://www.suse.com/security/cve/CVE-2019-3871", }, { category: "external", summary: "SUSE Bug 1129734 for CVE-2019-3871", url: "https://bugzilla.suse.com/1129734", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1583432621.24fa60e-3.70.1.noarch", "HPE Helion OpenStack 8:ardana-barbican-8.0+git.1585152761.8ef3d61-4.33.1.noarch", "HPE Helion OpenStack 8:ardana-db-8.0+git.1583944923.03cca6c-3.31.1.noarch", "HPE Helion OpenStack 8:ardana-monasca-8.0+git.1583944894.38f023a-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1583944811.dc14403-3.19.1.noarch", "HPE Helion OpenStack 8:ardana-neutron-8.0+git.1584715262.e4ea620-3.39.1.noarch", "HPE Helion OpenStack 8:ardana-octavia-8.0+git.1585171918.418f5cf-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-tempest-8.0+git.1585311051.6ab5488-3.33.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:memcached-1.5.17-3.3.1.x86_64", "HPE Helion OpenStack 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "HPE Helion OpenStack 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:pdns-4.1.2-3.6.1.x86_64", "HPE Helion OpenStack 8:pdns-backend-mysql-4.1.2-3.6.1.x86_64", "HPE Helion OpenStack 8:python-amqp-2.4.2-3.9.1.noarch", "HPE Helion OpenStack 8:python-manila-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.22.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev23-14.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.23.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.23.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev5-11.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev63-13.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev61-11.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.24.1.noarch", "HPE Helion OpenStack 8:zookeeper-server-3.4.10-3.6.1.noarch", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1583432621.24fa60e-3.70.1.noarch", "SUSE OpenStack Cloud 8:ardana-barbican-8.0+git.1585152761.8ef3d61-4.33.1.noarch", "SUSE OpenStack Cloud 8:ardana-db-8.0+git.1583944923.03cca6c-3.31.1.noarch", "SUSE OpenStack Cloud 8:ardana-monasca-8.0+git.1583944894.38f023a-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1583944811.dc14403-3.19.1.noarch", "SUSE OpenStack Cloud 8:ardana-neutron-8.0+git.1584715262.e4ea620-3.39.1.noarch", "SUSE OpenStack Cloud 8:ardana-octavia-8.0+git.1585171918.418f5cf-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-tempest-8.0+git.1585311051.6ab5488-3.33.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "SUSE OpenStack Cloud 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:pdns-4.1.2-3.6.1.x86_64", "SUSE OpenStack Cloud 8:pdns-backend-mysql-4.1.2-3.6.1.x86_64", "SUSE OpenStack Cloud 8:python-amqp-2.4.2-3.9.1.noarch", "SUSE OpenStack Cloud 8:python-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.22.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev23-14.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.23.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.23.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev5-11.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev63-13.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev61-11.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.24.1.noarch", "SUSE OpenStack Cloud 8:zookeeper-server-3.4.10-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1585575551.16781d00d-3.38.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1585575551.16781d00d-3.38.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-ha-5.0+git.1585316176.344190f-3.32.1.noarch", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1585304226.2164b7895-4.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-amqp-2.4.2-3.9.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:zookeeper-server-3.4.10-3.6.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", version: "3.0", }, products: [ "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1583432621.24fa60e-3.70.1.noarch", "HPE Helion OpenStack 8:ardana-barbican-8.0+git.1585152761.8ef3d61-4.33.1.noarch", "HPE Helion OpenStack 8:ardana-db-8.0+git.1583944923.03cca6c-3.31.1.noarch", "HPE Helion OpenStack 8:ardana-monasca-8.0+git.1583944894.38f023a-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1583944811.dc14403-3.19.1.noarch", "HPE Helion OpenStack 8:ardana-neutron-8.0+git.1584715262.e4ea620-3.39.1.noarch", "HPE Helion OpenStack 8:ardana-octavia-8.0+git.1585171918.418f5cf-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-tempest-8.0+git.1585311051.6ab5488-3.33.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:memcached-1.5.17-3.3.1.x86_64", "HPE Helion OpenStack 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "HPE Helion OpenStack 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:pdns-4.1.2-3.6.1.x86_64", "HPE Helion OpenStack 8:pdns-backend-mysql-4.1.2-3.6.1.x86_64", "HPE Helion OpenStack 8:python-amqp-2.4.2-3.9.1.noarch", "HPE Helion OpenStack 8:python-manila-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.22.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev23-14.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.23.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.23.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev5-11.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev63-13.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev61-11.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.24.1.noarch", "HPE Helion OpenStack 8:zookeeper-server-3.4.10-3.6.1.noarch", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1583432621.24fa60e-3.70.1.noarch", "SUSE OpenStack Cloud 8:ardana-barbican-8.0+git.1585152761.8ef3d61-4.33.1.noarch", "SUSE OpenStack Cloud 8:ardana-db-8.0+git.1583944923.03cca6c-3.31.1.noarch", "SUSE OpenStack Cloud 8:ardana-monasca-8.0+git.1583944894.38f023a-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1583944811.dc14403-3.19.1.noarch", "SUSE OpenStack Cloud 8:ardana-neutron-8.0+git.1584715262.e4ea620-3.39.1.noarch", "SUSE OpenStack Cloud 8:ardana-octavia-8.0+git.1585171918.418f5cf-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-tempest-8.0+git.1585311051.6ab5488-3.33.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "SUSE OpenStack Cloud 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:pdns-4.1.2-3.6.1.x86_64", "SUSE OpenStack Cloud 8:pdns-backend-mysql-4.1.2-3.6.1.x86_64", "SUSE OpenStack Cloud 8:python-amqp-2.4.2-3.9.1.noarch", "SUSE OpenStack Cloud 8:python-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.22.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev23-14.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.23.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.23.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev5-11.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev63-13.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev61-11.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.24.1.noarch", "SUSE OpenStack Cloud 8:zookeeper-server-3.4.10-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1585575551.16781d00d-3.38.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1585575551.16781d00d-3.38.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-ha-5.0+git.1585316176.344190f-3.32.1.noarch", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1585304226.2164b7895-4.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-amqp-2.4.2-3.9.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:zookeeper-server-3.4.10-3.6.1.noarch", ], }, ], threats: [ { category: "impact", date: "2020-04-22T12:41:50Z", details: "moderate", }, ], title: "CVE-2019-3871", }, { cve: "CVE-2020-5247", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-5247", }, ], notes: [ { category: "general", text: "In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters (i.e. `CR`, `LF` or`/r`, `/n`) to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is known as HTTP Response Splitting. While not an attack in itself, response splitting is a vector for several other attacks, such as cross-site scripting (XSS). This is related to CVE-2019-16254, which fixed this vulnerability for the WEBrick Ruby web server. This has been fixed in versions 4.3.2 and 3.12.3 by checking all headers for line endings and rejecting headers with those characters.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1583432621.24fa60e-3.70.1.noarch", "HPE Helion OpenStack 8:ardana-barbican-8.0+git.1585152761.8ef3d61-4.33.1.noarch", "HPE Helion OpenStack 8:ardana-db-8.0+git.1583944923.03cca6c-3.31.1.noarch", "HPE Helion OpenStack 8:ardana-monasca-8.0+git.1583944894.38f023a-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1583944811.dc14403-3.19.1.noarch", "HPE Helion OpenStack 8:ardana-neutron-8.0+git.1584715262.e4ea620-3.39.1.noarch", "HPE Helion OpenStack 8:ardana-octavia-8.0+git.1585171918.418f5cf-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-tempest-8.0+git.1585311051.6ab5488-3.33.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:memcached-1.5.17-3.3.1.x86_64", "HPE Helion OpenStack 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "HPE Helion OpenStack 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:pdns-4.1.2-3.6.1.x86_64", "HPE Helion OpenStack 8:pdns-backend-mysql-4.1.2-3.6.1.x86_64", "HPE Helion OpenStack 8:python-amqp-2.4.2-3.9.1.noarch", "HPE Helion OpenStack 8:python-manila-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.22.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev23-14.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.23.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.23.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev5-11.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev63-13.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev61-11.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.24.1.noarch", "HPE Helion OpenStack 8:zookeeper-server-3.4.10-3.6.1.noarch", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1583432621.24fa60e-3.70.1.noarch", "SUSE OpenStack Cloud 8:ardana-barbican-8.0+git.1585152761.8ef3d61-4.33.1.noarch", "SUSE OpenStack Cloud 8:ardana-db-8.0+git.1583944923.03cca6c-3.31.1.noarch", "SUSE OpenStack Cloud 8:ardana-monasca-8.0+git.1583944894.38f023a-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1583944811.dc14403-3.19.1.noarch", "SUSE OpenStack Cloud 8:ardana-neutron-8.0+git.1584715262.e4ea620-3.39.1.noarch", "SUSE OpenStack Cloud 8:ardana-octavia-8.0+git.1585171918.418f5cf-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-tempest-8.0+git.1585311051.6ab5488-3.33.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "SUSE OpenStack Cloud 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:pdns-4.1.2-3.6.1.x86_64", "SUSE OpenStack Cloud 8:pdns-backend-mysql-4.1.2-3.6.1.x86_64", "SUSE OpenStack Cloud 8:python-amqp-2.4.2-3.9.1.noarch", "SUSE OpenStack Cloud 8:python-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.22.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev23-14.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.23.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.23.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev5-11.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev63-13.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev61-11.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.24.1.noarch", "SUSE OpenStack Cloud 8:zookeeper-server-3.4.10-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1585575551.16781d00d-3.38.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1585575551.16781d00d-3.38.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-ha-5.0+git.1585316176.344190f-3.32.1.noarch", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1585304226.2164b7895-4.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-amqp-2.4.2-3.9.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:zookeeper-server-3.4.10-3.6.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2020-5247", url: "https://www.suse.com/security/cve/CVE-2020-5247", }, { category: "external", summary: "SUSE Bug 1165402 for CVE-2020-5247", url: "https://bugzilla.suse.com/1165402", }, { category: "external", summary: "SUSE Bug 1165524 for CVE-2020-5247", url: "https://bugzilla.suse.com/1165524", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1583432621.24fa60e-3.70.1.noarch", "HPE Helion OpenStack 8:ardana-barbican-8.0+git.1585152761.8ef3d61-4.33.1.noarch", "HPE Helion OpenStack 8:ardana-db-8.0+git.1583944923.03cca6c-3.31.1.noarch", "HPE Helion OpenStack 8:ardana-monasca-8.0+git.1583944894.38f023a-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1583944811.dc14403-3.19.1.noarch", "HPE Helion OpenStack 8:ardana-neutron-8.0+git.1584715262.e4ea620-3.39.1.noarch", "HPE Helion OpenStack 8:ardana-octavia-8.0+git.1585171918.418f5cf-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-tempest-8.0+git.1585311051.6ab5488-3.33.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:memcached-1.5.17-3.3.1.x86_64", "HPE Helion OpenStack 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "HPE Helion OpenStack 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:pdns-4.1.2-3.6.1.x86_64", "HPE Helion OpenStack 8:pdns-backend-mysql-4.1.2-3.6.1.x86_64", "HPE Helion OpenStack 8:python-amqp-2.4.2-3.9.1.noarch", "HPE Helion OpenStack 8:python-manila-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.22.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev23-14.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.23.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.23.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev5-11.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev63-13.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev61-11.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.24.1.noarch", "HPE Helion OpenStack 8:zookeeper-server-3.4.10-3.6.1.noarch", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1583432621.24fa60e-3.70.1.noarch", "SUSE OpenStack Cloud 8:ardana-barbican-8.0+git.1585152761.8ef3d61-4.33.1.noarch", "SUSE OpenStack Cloud 8:ardana-db-8.0+git.1583944923.03cca6c-3.31.1.noarch", "SUSE OpenStack Cloud 8:ardana-monasca-8.0+git.1583944894.38f023a-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1583944811.dc14403-3.19.1.noarch", "SUSE OpenStack Cloud 8:ardana-neutron-8.0+git.1584715262.e4ea620-3.39.1.noarch", "SUSE OpenStack Cloud 8:ardana-octavia-8.0+git.1585171918.418f5cf-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-tempest-8.0+git.1585311051.6ab5488-3.33.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "SUSE OpenStack Cloud 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:pdns-4.1.2-3.6.1.x86_64", "SUSE OpenStack Cloud 8:pdns-backend-mysql-4.1.2-3.6.1.x86_64", "SUSE OpenStack Cloud 8:python-amqp-2.4.2-3.9.1.noarch", "SUSE OpenStack Cloud 8:python-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.22.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev23-14.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.23.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.23.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev5-11.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev63-13.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev61-11.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.24.1.noarch", "SUSE OpenStack Cloud 8:zookeeper-server-3.4.10-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1585575551.16781d00d-3.38.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1585575551.16781d00d-3.38.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-ha-5.0+git.1585316176.344190f-3.32.1.noarch", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1585304226.2164b7895-4.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-amqp-2.4.2-3.9.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:zookeeper-server-3.4.10-3.6.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1583432621.24fa60e-3.70.1.noarch", "HPE Helion OpenStack 8:ardana-barbican-8.0+git.1585152761.8ef3d61-4.33.1.noarch", "HPE Helion OpenStack 8:ardana-db-8.0+git.1583944923.03cca6c-3.31.1.noarch", "HPE Helion OpenStack 8:ardana-monasca-8.0+git.1583944894.38f023a-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1583944811.dc14403-3.19.1.noarch", "HPE Helion OpenStack 8:ardana-neutron-8.0+git.1584715262.e4ea620-3.39.1.noarch", "HPE Helion OpenStack 8:ardana-octavia-8.0+git.1585171918.418f5cf-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-tempest-8.0+git.1585311051.6ab5488-3.33.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:memcached-1.5.17-3.3.1.x86_64", "HPE Helion OpenStack 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "HPE Helion OpenStack 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:pdns-4.1.2-3.6.1.x86_64", "HPE Helion OpenStack 8:pdns-backend-mysql-4.1.2-3.6.1.x86_64", "HPE Helion OpenStack 8:python-amqp-2.4.2-3.9.1.noarch", "HPE Helion OpenStack 8:python-manila-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.22.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev23-14.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.23.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.23.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev5-11.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev63-13.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev61-11.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.24.1.noarch", "HPE Helion OpenStack 8:zookeeper-server-3.4.10-3.6.1.noarch", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1583432621.24fa60e-3.70.1.noarch", "SUSE OpenStack Cloud 8:ardana-barbican-8.0+git.1585152761.8ef3d61-4.33.1.noarch", "SUSE OpenStack Cloud 8:ardana-db-8.0+git.1583944923.03cca6c-3.31.1.noarch", "SUSE OpenStack Cloud 8:ardana-monasca-8.0+git.1583944894.38f023a-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1583944811.dc14403-3.19.1.noarch", "SUSE OpenStack Cloud 8:ardana-neutron-8.0+git.1584715262.e4ea620-3.39.1.noarch", "SUSE OpenStack Cloud 8:ardana-octavia-8.0+git.1585171918.418f5cf-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-tempest-8.0+git.1585311051.6ab5488-3.33.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "SUSE OpenStack Cloud 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:pdns-4.1.2-3.6.1.x86_64", "SUSE OpenStack Cloud 8:pdns-backend-mysql-4.1.2-3.6.1.x86_64", "SUSE OpenStack Cloud 8:python-amqp-2.4.2-3.9.1.noarch", "SUSE OpenStack Cloud 8:python-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.22.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev23-14.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.23.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.23.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev5-11.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev63-13.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev61-11.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.24.1.noarch", "SUSE OpenStack Cloud 8:zookeeper-server-3.4.10-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1585575551.16781d00d-3.38.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1585575551.16781d00d-3.38.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-ha-5.0+git.1585316176.344190f-3.32.1.noarch", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1585304226.2164b7895-4.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-amqp-2.4.2-3.9.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:zookeeper-server-3.4.10-3.6.1.noarch", ], }, ], threats: [ { category: "impact", date: "2020-04-22T12:41:50Z", details: "moderate", }, ], title: "CVE-2020-5247", }, { cve: "CVE-2020-9543", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-9543", }, ], notes: [ { category: "general", text: "OpenStack Manila <7.4.1, >=8.0.0 <8.1.1, and >=9.0.0 <9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Attackers may also create resources, such as shared file systems and groups of shares on such share networks.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1583432621.24fa60e-3.70.1.noarch", "HPE Helion OpenStack 8:ardana-barbican-8.0+git.1585152761.8ef3d61-4.33.1.noarch", "HPE Helion OpenStack 8:ardana-db-8.0+git.1583944923.03cca6c-3.31.1.noarch", "HPE Helion OpenStack 8:ardana-monasca-8.0+git.1583944894.38f023a-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1583944811.dc14403-3.19.1.noarch", "HPE Helion OpenStack 8:ardana-neutron-8.0+git.1584715262.e4ea620-3.39.1.noarch", "HPE Helion OpenStack 8:ardana-octavia-8.0+git.1585171918.418f5cf-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-tempest-8.0+git.1585311051.6ab5488-3.33.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:memcached-1.5.17-3.3.1.x86_64", "HPE Helion OpenStack 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "HPE Helion OpenStack 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:pdns-4.1.2-3.6.1.x86_64", "HPE Helion OpenStack 8:pdns-backend-mysql-4.1.2-3.6.1.x86_64", "HPE Helion OpenStack 8:python-amqp-2.4.2-3.9.1.noarch", "HPE Helion OpenStack 8:python-manila-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.22.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev23-14.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.23.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.23.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev5-11.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev63-13.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev61-11.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.24.1.noarch", "HPE Helion OpenStack 8:zookeeper-server-3.4.10-3.6.1.noarch", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1583432621.24fa60e-3.70.1.noarch", "SUSE OpenStack Cloud 8:ardana-barbican-8.0+git.1585152761.8ef3d61-4.33.1.noarch", "SUSE OpenStack Cloud 8:ardana-db-8.0+git.1583944923.03cca6c-3.31.1.noarch", "SUSE OpenStack Cloud 8:ardana-monasca-8.0+git.1583944894.38f023a-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1583944811.dc14403-3.19.1.noarch", "SUSE OpenStack Cloud 8:ardana-neutron-8.0+git.1584715262.e4ea620-3.39.1.noarch", "SUSE OpenStack Cloud 8:ardana-octavia-8.0+git.1585171918.418f5cf-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-tempest-8.0+git.1585311051.6ab5488-3.33.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "SUSE OpenStack Cloud 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:pdns-4.1.2-3.6.1.x86_64", "SUSE OpenStack Cloud 8:pdns-backend-mysql-4.1.2-3.6.1.x86_64", "SUSE OpenStack Cloud 8:python-amqp-2.4.2-3.9.1.noarch", "SUSE OpenStack Cloud 8:python-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.22.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev23-14.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.23.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.23.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev5-11.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev63-13.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev61-11.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.24.1.noarch", "SUSE OpenStack Cloud 8:zookeeper-server-3.4.10-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1585575551.16781d00d-3.38.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1585575551.16781d00d-3.38.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-ha-5.0+git.1585316176.344190f-3.32.1.noarch", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1585304226.2164b7895-4.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-amqp-2.4.2-3.9.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:zookeeper-server-3.4.10-3.6.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2020-9543", url: "https://www.suse.com/security/cve/CVE-2020-9543", }, { category: "external", summary: "SUSE Bug 1165643 for CVE-2020-9543", url: "https://bugzilla.suse.com/1165643", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1583432621.24fa60e-3.70.1.noarch", "HPE Helion OpenStack 8:ardana-barbican-8.0+git.1585152761.8ef3d61-4.33.1.noarch", "HPE Helion OpenStack 8:ardana-db-8.0+git.1583944923.03cca6c-3.31.1.noarch", "HPE Helion OpenStack 8:ardana-monasca-8.0+git.1583944894.38f023a-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1583944811.dc14403-3.19.1.noarch", "HPE Helion OpenStack 8:ardana-neutron-8.0+git.1584715262.e4ea620-3.39.1.noarch", "HPE Helion OpenStack 8:ardana-octavia-8.0+git.1585171918.418f5cf-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-tempest-8.0+git.1585311051.6ab5488-3.33.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:memcached-1.5.17-3.3.1.x86_64", "HPE Helion OpenStack 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "HPE Helion OpenStack 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:pdns-4.1.2-3.6.1.x86_64", "HPE Helion OpenStack 8:pdns-backend-mysql-4.1.2-3.6.1.x86_64", "HPE Helion OpenStack 8:python-amqp-2.4.2-3.9.1.noarch", "HPE Helion OpenStack 8:python-manila-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.22.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev23-14.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.23.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.23.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev5-11.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev63-13.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev61-11.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.24.1.noarch", "HPE Helion OpenStack 8:zookeeper-server-3.4.10-3.6.1.noarch", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1583432621.24fa60e-3.70.1.noarch", "SUSE OpenStack Cloud 8:ardana-barbican-8.0+git.1585152761.8ef3d61-4.33.1.noarch", "SUSE OpenStack Cloud 8:ardana-db-8.0+git.1583944923.03cca6c-3.31.1.noarch", "SUSE OpenStack Cloud 8:ardana-monasca-8.0+git.1583944894.38f023a-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1583944811.dc14403-3.19.1.noarch", "SUSE OpenStack Cloud 8:ardana-neutron-8.0+git.1584715262.e4ea620-3.39.1.noarch", "SUSE OpenStack Cloud 8:ardana-octavia-8.0+git.1585171918.418f5cf-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-tempest-8.0+git.1585311051.6ab5488-3.33.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "SUSE OpenStack Cloud 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:pdns-4.1.2-3.6.1.x86_64", "SUSE OpenStack Cloud 8:pdns-backend-mysql-4.1.2-3.6.1.x86_64", "SUSE OpenStack Cloud 8:python-amqp-2.4.2-3.9.1.noarch", "SUSE OpenStack Cloud 8:python-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.22.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev23-14.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.23.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.23.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev5-11.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev63-13.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev61-11.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.24.1.noarch", "SUSE OpenStack Cloud 8:zookeeper-server-3.4.10-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1585575551.16781d00d-3.38.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1585575551.16781d00d-3.38.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-ha-5.0+git.1585316176.344190f-3.32.1.noarch", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1585304226.2164b7895-4.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-amqp-2.4.2-3.9.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:zookeeper-server-3.4.10-3.6.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1583432621.24fa60e-3.70.1.noarch", "HPE Helion OpenStack 8:ardana-barbican-8.0+git.1585152761.8ef3d61-4.33.1.noarch", "HPE Helion OpenStack 8:ardana-db-8.0+git.1583944923.03cca6c-3.31.1.noarch", "HPE Helion OpenStack 8:ardana-monasca-8.0+git.1583944894.38f023a-3.24.1.noarch", "HPE Helion OpenStack 8:ardana-mq-8.0+git.1583944811.dc14403-3.19.1.noarch", "HPE Helion OpenStack 8:ardana-neutron-8.0+git.1584715262.e4ea620-3.39.1.noarch", "HPE Helion OpenStack 8:ardana-octavia-8.0+git.1585171918.418f5cf-3.26.1.noarch", "HPE Helion OpenStack 8:ardana-tempest-8.0+git.1585311051.6ab5488-3.33.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20200319-1.23.1.noarch", "HPE Helion OpenStack 8:memcached-1.5.17-3.3.1.x86_64", "HPE Helion OpenStack 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "HPE Helion OpenStack 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "HPE Helion OpenStack 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "HPE Helion OpenStack 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:pdns-4.1.2-3.6.1.x86_64", "HPE Helion OpenStack 8:pdns-backend-mysql-4.1.2-3.6.1.x86_64", "HPE Helion OpenStack 8:python-amqp-2.4.2-3.9.1.noarch", "HPE Helion OpenStack 8:python-manila-5.1.1~dev5-3.26.2.noarch", "HPE Helion OpenStack 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "HPE Helion OpenStack 8:python-nova-16.1.9~dev61-3.35.2.noarch", "HPE Helion OpenStack 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.22.1.noarch", "HPE Helion OpenStack 8:venv-openstack-cinder-x86_64-11.2.3~dev23-14.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.23.1.noarch", "HPE Helion OpenStack 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.23.1.noarch", "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-keystone-x86_64-12.0.4~dev5-11.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.29.1.noarch", "HPE Helion OpenStack 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.20.1.noarch", "HPE Helion OpenStack 8:venv-openstack-neutron-x86_64-11.0.9~dev63-13.28.1.noarch", "HPE Helion OpenStack 8:venv-openstack-nova-x86_64-16.1.9~dev61-11.26.1.noarch", "HPE Helion OpenStack 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.25.1.noarch", "HPE Helion OpenStack 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.24.1.noarch", "HPE Helion OpenStack 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.24.1.noarch", "HPE Helion OpenStack 8:zookeeper-server-3.4.10-3.6.1.noarch", "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1583432621.24fa60e-3.70.1.noarch", "SUSE OpenStack Cloud 8:ardana-barbican-8.0+git.1585152761.8ef3d61-4.33.1.noarch", "SUSE OpenStack Cloud 8:ardana-db-8.0+git.1583944923.03cca6c-3.31.1.noarch", "SUSE OpenStack Cloud 8:ardana-monasca-8.0+git.1583944894.38f023a-3.24.1.noarch", "SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1583944811.dc14403-3.19.1.noarch", "SUSE OpenStack Cloud 8:ardana-neutron-8.0+git.1584715262.e4ea620-3.39.1.noarch", "SUSE OpenStack Cloud 8:ardana-octavia-8.0+git.1585171918.418f5cf-3.26.1.noarch", "SUSE OpenStack Cloud 8:ardana-tempest-8.0+git.1585311051.6ab5488-3.33.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud 8:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "SUSE OpenStack Cloud 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "SUSE OpenStack Cloud 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:pdns-4.1.2-3.6.1.x86_64", "SUSE OpenStack Cloud 8:pdns-backend-mysql-4.1.2-3.6.1.x86_64", "SUSE OpenStack Cloud 8:python-amqp-2.4.2-3.9.1.noarch", "SUSE OpenStack Cloud 8:python-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud 8:python-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud 8:venv-openstack-aodh-x86_64-5.1.1~dev7-12.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-barbican-x86_64-5.0.2~dev3-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.22.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-cinder-x86_64-11.2.3~dev23-14.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-designate-x86_64-5.0.3~dev7-12.23.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-glance-x86_64-15.0.3~dev3-12.23.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-ironic-x86_64-9.1.8~dev8-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-keystone-x86_64-12.0.4~dev5-11.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-manila-x86_64-5.1.1~dev5-12.29.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev2-12.20.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-neutron-x86_64-11.0.9~dev63-13.28.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-nova-x86_64-16.1.9~dev61-11.26.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-octavia-x86_64-1.0.6~dev3-12.25.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-sahara-x86_64-7.0.5~dev4-11.24.1.noarch", "SUSE OpenStack Cloud 8:venv-openstack-trove-x86_64-8.0.2~dev2-11.24.1.noarch", "SUSE OpenStack Cloud 8:zookeeper-server-3.4.10-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-5.0+git.1585575551.16781d00d-3.38.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-core-branding-upstream-5.0+git.1585575551.16781d00d-3.38.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:crowbar-ha-5.0+git.1585316176.344190f-3.32.1.noarch", "SUSE OpenStack Cloud Crowbar 8:crowbar-openstack-5.0+git.1585304226.2164b7895-4.37.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20200319-1.23.1.noarch", "SUSE OpenStack Cloud Crowbar 8:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-api-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-data-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-doc-5.1.1~dev5-3.26.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-scheduler-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-manila-share-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-doc-11.0.9~dev63-3.30.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-ha-tool-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-l3-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-metering-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-neutron-server-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-cells-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-compute-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-conductor-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-console-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-consoleauth-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-doc-16.1.9~dev61-3.35.1.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-novncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-placement-api-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-scheduler-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-serialproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:openstack-nova-vncproxy-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-amqp-2.4.2-3.9.1.noarch", "SUSE OpenStack Cloud Crowbar 8:python-manila-5.1.1~dev5-3.26.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-neutron-11.0.9~dev63-3.30.2.noarch", "SUSE OpenStack Cloud Crowbar 8:python-nova-16.1.9~dev61-3.35.2.noarch", "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:zookeeper-server-3.4.10-3.6.1.noarch", ], }, ], threats: [ { category: "impact", date: "2020-04-22T12:41:50Z", details: "important", }, ], title: "CVE-2020-9543", }, ], }
suse-ru-2020:2072-1
Vulnerability from csaf_suse
Published
2020-07-29 14:31
Modified
2020-07-29 14:31
Summary
Security update for ansible, crowbar-core, crowbar-ha, crowbar-openstack, etcd, flannel, grafana, keepalived, kibana, memcached, monasca-installer, openstack-dashboard-theme-SUSE, openstack-manila, openstack-neutron-fwaas, openstack-nova, openstack-tempest, python-Django, python-Pillow, python-psql2mysql, python-psutil, python-py, python-pysaml2, python-waitress, rabbitmq-server, release-notes-suse-openstack-cloud, zookeeper
Notes
Title of the patch
Security update for ansible, crowbar-core, crowbar-ha, crowbar-openstack, etcd, flannel, grafana, keepalived, kibana, memcached, monasca-installer, openstack-dashboard-theme-SUSE, openstack-manila, openstack-neutron-fwaas, openstack-nova, openstack-tempest, python-Django, python-Pillow, python-psql2mysql, python-psutil, python-py, python-pysaml2, python-waitress, rabbitmq-server, release-notes-suse-openstack-cloud, zookeeper
Description of the patch
This update for ansible, crowbar-core, crowbar-ha, crowbar-openstack, etcd, flannel, grafana, keepalived, kibana, memcached, monasca-installer, openstack-dashboard-theme-SUSE, openstack-manila, openstack-neutron-fwaas, openstack-nova, openstack-tempest, python-Django, python-Pillow, python-psql2mysql, python-psutil, python-py, python-pysaml2, python-waitress, rabbitmq-server, release-notes-suse-openstack-cloud, zookeeper fixes the following issues:
Security fixes included ins this update:
ansible
- CVE-2019-3828: Fixed a path traversal in the fetch module (bsc#1126503).
grafana
- CVE-2020-13379: Fixed an incorrect access control issue which could
lead to information leaks or denial of service (bsc#1172409).
- CVE-2020-12052: Fixed an cross site scripting vulnerability related to
the annotation popup (bsc#1170657).
kibana
- CVE-2020-10743: Fixed a clickjacking vulnerability (bsc#1171909).
memcached (to version 1.5.17)
- CVE-2019-15026: Fixed a stack-based buffer over-read
in conn_to_str()n (bsc#1149110).
- CVE-2019-11596: Fixed a denial of service in the 'lru' command
(bsc#1133817)
- CVE-2018-1000115: Disabled UDP by default to reduce DDoS amplification
attacks (bsc#1083903).
python-Django
- CVE-2020-13254: Fixed a data leakage via malformed memcached keys
(bsc#1172167).
- CVE-2020-13596: Fixed a cross site scripting vulnerability related to
the admin parameters of the ForeignKeyRawIdWidget (bsc#1172166).
- Fixed a regression with the fix for CVE-2019-3498 (bsc#1161349).
python-Pillow
- CVE-2019-16865: Fixed a denial of service with specially crafted
image files (bsc#1153191).
- CVE-2020-5312: Fixed a buffer overflow in the PCX P mode (bsc#1160152).
- CVE-2020-5313: Fixed a buffer overflow related to FLI (bsc#1160153).
- CVE-2019-19911: Fixed a denial of service in FpxImagePlugin.py
(bsc#1160192).
python-pysaml2
- CVE-2020-5390: Fixed an issue with the verification of signatures in
SAML documents (bsc#1160851)
- CVE-2017-1000246: Fixed an issue with weak encryption data, caused by
initialization vector reuse(bsc#1068612).
python-waitress (to version 1.4.3)
- CVE-2019-16785: Fixed HTTP request smuggling through LF vs CRLF
handling (bsc#1161088).
- CVE-2019-16786: Fixed HTTP request smuggling through invalid
Transfer-Encoding (bsc#1161089).
- CVE-2019-16789: Fixed HTTP Request Smuggling through invalid
whitespace characters (bsc#1160790).
- CVE-2019-16792: Fixed HTTP Request Smuggling through Content-Length
header handling (bsc#1161670).
rubygem-activeresource
- CVE-2020-8151: Fixed information disclosure issue through specially
crafted requests (bsc#1171560)
rubygem-json-1_7
- CVE-2020-10663: Fixed Unsafe Object Creation Vulnerability in JSON
(bsc#1167244)
rubygem-puma
- CVE-2020-11077: Fixed HTTP Request Smuggling through proxy (bsc#1172175)
- CVE-2020-11076: Fixed HTTP Request smuggling through invalid
Transfer-Encoding header.
- CVE-2020-5247: Fixed HTTP Response Splitting through newline characters
handling (bsc#1165402)
zookeeper:
- CVE-2019-0201: Fixed an information disclosure related to
getACL() (bsc#1135773).
Non security fixes included in this update:
Changes in ansible:
- Add 0001-Disallow-use-of-remote-home-directories-containing-..patch
(bsc#1126503, CVE-2019-3828)
Changes in crowbar-core:
- Update to version 4.0+git.1580209654.1d112d31f:
* network: start OVS before wickedd (SOC-11067)
Changes in crowbar-ha:
- Update to version 4.0+git.1585316203.d6ad2c8:
* [4.0] add ssl termination on haproxy (bsc#1149535)
Changes in crowbar-openstack:
- Update to version 4.0+git.1589804581.9972163f0:
* [4.0] magnum: fix check for image/flavor (SOC-11251)
- Update to version 4.0+git.1589647351.ccfd9481f:
* [4.0] trove: fix rabbitmq connection URL (SOC-11286)
- Update to version 4.0+git.1589458214.9f765aa08:
* [4.0] Fix create magnum k8s image and flavor (SOC-11251)
- Update to version 4.0+git.1588271860.131fc8cc1:
* run keystone_register on cluster founder only when HA (SOC-11248)
* nova: run keystone_register on cluster founder only (SOC-11243)
- Update to version 4.0+git.1588096523.679da5c50:
* tempest: retry openstack commands (SOC-11238)
- Update to version 4.0+git.1587129016.c009e43c9:
* Disable magnum.tests.functional.api.v1.test_cluster (SOC-11224)
- Update to version 4.0+git.1587035427.abb6e9b4e:
* Fix barbican SSL support (SOC-9298)
- Update to version 4.0+git.1586421486.5601320b7:
* Fix magnum tempest tests (SOC-9298)
- Update to version 4.0+git.1585331022.609482166:
* tempest: update blacklisted tempest test cases (SOC-9801,SOC-11174,SOC-11187)
- Update to version 4.0+git.1585136604.988f3a1da:
* Disabling failing tempest tests on SOC7
* [4.0] ec2-api: run keystone_register on cluster founder only (SOC-11079)
- Update to version 4.0+git.1582582068.c8c2448c0:
* neutron: Place space between CLI arguments
- Update to version 4.0+git.1580894959.1fe5fd282:
* Revert '[4.0] rabbitmq: sync startup definitions.json with recipe' (SOC-11082)
- Update to version 4.0+git.1580469474.967ab8baf:
* rabbitmq: sync startup definitions.json with recipe (SOC-11077)
Changes in etcd:
- Build against go 1.6
- Fix etcd build. We are generating 2 binaries, etcd and etcdctl.
They need to be built separately
- Ensure /var/lib/etcd is controlled by etcd:etcd
- exclude i586. We don't expect this package to be built on i586.
- remove sysconfig.etcd: this file is not being used
- Update to version 3.1.0:
* raft: add node should reset the pendingConf state
* v3rpc: don't close watcher if client closes send
* e2e: add test for v3 watch over grpc gateway
* mvcc: remove unused restore method
* integration: don't expect recv to stop on CloseSend in waitResponse
* Documentation: add grpc gateway watch example
* version: bump up v3.1.0-rc.1+git
* discovery: warn on scheme mismatch
* grpcproxy: fix deadlock on watch broadcasts stop
* etcdmain: add '/metrics' HTTP/1 path to grpc-proxy
* etcd-tester: do not resolve localhost
* raftexample: confState should be saved after apply
* raft: test case to check the duplicate add node propose
* raft: fix test case, should wait config propose applied
* raft: fix test case for data race
* raft: use the channel instead of sleep to make test case reliable
* raft: fix TestNodeProposeAddDuplicateNode
* etcdmain: handle TLS in grpc-proxy listener
* etcd-tester:limit max retry backoff delay
* functional-tester: add withBlock() to grpc dial
* op-guide: add notes about Prometheus data source in Grafana
* clientv3: return copy of endpoints, not pointer
* auth: add a timeout mechanism to simple token
* client: update README about health monitoring
* grpcproxy: fix race between watch ranges delete() and broadcasts empty()
* lease: Use monotonic time in lease
* integration: use Range to wait for reboot in quota tests
* grpcproxy: fix race between coalesce and bcast on nextrev
* etcd-tester: refactor lease checker
* store: check sorted order in TestStoreGetSorted
* vendor: bump go-systemd to v14 to avoid build error
* integration: cancel Watch when TestV3WatchWithPrevKV exits
* grpcproxy: add richer metrics for watch
* grpcproxy: add cache related metrics
* raft: Fix election 'logs converge' test
* raft: Export Progress.IsPaused
* benchmark: add rate limit
* etcdctl: remove GetUser check before mutable commands
* grpcproxy: lock store when getting size
* Documentation: link added to libraries-and-tools.md with a new v2 Scala Client
* grpcproxy: fix deadlock in watchbroadcast
* etcdserver: time out when readStateC is blocking
* store: fix store_test.go comments
* vendor: update ugorji/go
* client: update generated ugorji codec
* doc: initial faq
* clientv3/integration: test lease keepalive works following quorum loss
* integration: use RequireLeader for TestV3LeaseFailover
* v3rpc, etcdserver, leasehttp: ctxize Renew with request timeout
* Documentation: add blox and chain as users
* etcdserver: do not send v2 sync if ttl keys do not exist
* ROADMAP: update for 3.2
* Documentation: add more FAQ questions
* grpcproxy: fix minor typo
* vendor: use versions when possible in glide.yaml
* scripts: use glide update if repo exists in glide.lock
* github: make bug reporting link non-relative
* github: make contribution link non-relative
* Documentation: update get examples to be clearer about ranges
* etcdserver, embed, v2http: move pprof setup to embed
* doc: add faq about apply warning logging
* test: exclude '_home' for gosimple, unused
* auth: fix gosimple errors
* integration: simplify boolean comparison in resp.Created
* raft: simplify boolean comparison, remove unused
* tools: simplify boolean comparison, remove unused
* e2e: remove unused 'ctlV3GetFailPerm'
* v3rpc: remove unused 'splitMethodName' function
* grpcproxy: remove unused field 'wbs *watchBroadcasts'
* doc: add faq about missing heartbeat
* etcdctl: 'fields' output formats
* build: remove dir use -r flag
* etcd-tester: add 'enable-pprof' option
* etcd-tester: cancel lease stream; fix OOM panic
* doc: add hardware section
* auth: improve 'removeSubsetRangePerms' to O(n)
* Documentation: use port 2379 in local cluster guide The port in endpoints should be 2379, instead of 12379.
* op-guide/clustering: fix typo
* embed: deep copy user handlers
* Documentation: add more FAQs (follower, leader, sys-require)
* clientv3: close Lease on client Close
* netutil: ctx-ize URLStringsEqual
* etcdserver: retry for 30s on advertise url check
* membership: retry for 30s on advertise url check
* clientv3: return error from KeepAlive if corresponding loop exits
* clientv3: add test for keep alive loop exit case
* auth, etcdserver: protect membership change operations with auth
* e2e: test cases of protecting membership change with auth
* clientv3: better error message for keep alive loop halt
* Documentation: FAQ entry for cluster ID mismatches
* dev-guide: add limit.md
* Documentation: minor fix nodes -> node
* etcdctl: warn when backend takes too long to open on migrate
* docs: explicitly set ETCDCTL_API=3 in recovery.md
* v3api, rpctypes: add ErrTimeoutDueToConnectionLost
* clientv3/integration: test lease grant/keepalive with/without failures
* clientv3: don't reset keepalive stream on grant failure
* etcdctl: tighten up output, reorganize README.md
* Documentation: add FAQs on membership operation
* Documentation: add 'why.md'
* embed: only override default advertised client URL if the client listen URL is 0.0.0.0
* raft: make memory storage set method thread safe
* raft: resume paused followers on receipt of MsgHeartbeatResp
* etcd-tester: fix typo, add endpoint in logs
* lease: force leader to apply its pending committed index for lease operations
* leasehttp: buffer error channel to prevent goroutine leak
* raft: fix pre-vote tests
* etcdserver: rework update committed index logic
* etcd-tester: remove unused err var from maxRev
* e2e: check etcdctl endpoint health is healthy if denied permission to key
* benchmark: a new option for configuring dial timeout
* ctlv3: consider permission denied error to be healthy for endpoints
* etcdmain: add --metrics flag for exposing histogram metrics
* e2e: test cluster-health
* v2http: submit QGET in health endpoint if no progress
* test: bump grpcproxy pass timeout to 15m
* lease: use atomics for accessing lease expiry
* e2e: poll '/version' in release upgrade tests
* e2e: unset ETCDCTL_API env var before running u2e tests
* etcdserver: consistent naming in raftReadyHandler
* coverage: rework code coverage for unit and integration tests
* testutil: whitelist thread created by go cover
* rafthttp: bump up timeout in pipeline test
* grpcproxy, etcdmain, integration: return done channel with WatchServer
* integration: defer clus.Terminate in watch tests
* raftexample: load snapshot when opening WAL
* etcd-runner: make command compliant
* raft: use status to test node stop
* etcdserver: expose ErrNotEnoughStartedMembers
* etcdserver: resume compactor only if leader
* benchmark: enable grpc error logging on stderr
* etcd-runner:add flags in watcher for hardcoded values
* docs: fix recovery example in recovery.md
* auth: use quorum get for GetUser/GetRole for mutable operations
* grpcproxy: tear down watch when client context is done
* integration: use only digits in unix ports
* e2e: dump stack on ctlTest timeout
* expect: EXPECT_DEBUG environment variable
* why: add origin of the term etcd
* testutil: increase size of buffer for stack dump
* raft: fix test case for #7042
* vendor: update ugorji/go
* integration: add grpc auth testing
* auth: reject empty user name when checking op permissions
* etcdctl: create root role on auth enable if it does not yet exist
* raft: add RawNode test case for #6866
* pkg/report: support 99.9-percentile, change column name
* documentation: display docs.md in github browser
* benchmark: option to rate limit range benchmark
* etcdserver, clientv3: handle a case of expired auth token
* tools: Add etcd 3.0 load test tool refernece
* transport: warn on user-provided CA
* NEWS: add v3.1.0, v3.0.16 + minor fixes
* clienv3: fix balancer test logic
* clientv3: don't reset stream on keepaliveonce or revoke failure
* grpcproxy: use ccache for key cache
* vendor: remove groupcache, add ccache
* pkg/report: add 'Stats' to expose report raw data
* travis: use Go 1.7.4, drop old env var
* ctlv3: print cluster info after adding new member
* Documentation: document upgrading to v3.1
* pkg/report: add nil checking for getTimeSeries
* etcdserver: use ReqTimeout for linearized read
* grpcproxy, etcdmain, integration: add close channel to kv proxy
* glide: update 'golang.org/x/net'
* vendor: update 'golang.org/x/net'
* Documentation: update experimental_apis for v3.1 release
* NEWS: fix date for v3.1 release
* Documentation: fix typo s/endpoint-health/endpoint health/
* clientv3/concurrency: fix rev comparison on concurrent key deletion
* integration: test STM apply on concurrent deletion
* pkg/flags: fixed prefix checking of the env variables
* etcdctlv3: snapshot restore works with lease key
* test: passed the test script arguments as the test function parameters
* documentation: update build documentation
* version: bump to v3.1.0
- Update to version 3.1.0rc.1:
* grpcproxy: watch next revision should be start revision when not 0
* grpcproxy: copy range request before storing in cache
* raft: return empty status if node is stopped
* mvcc: store.restore taking too long triggering snapshot cycle fix
* mvcc: TestStoreRestore fix
* mvcc : Added benchmark for store.resotre
* pkg/netutil: get default interface for tc commands
* version: bump up v3.1.0-rc.1
Changes in grafana:
- Add CVE-2020-13379.patch
* Security: fix unauthorized avatar proxying (bsc#1172409, CVE-2020-13379)
- Refresh systemd-notification.patch
- Fix declaration for LICENSE
- Add 0002-CVE-2020-12052-bsc1170657-XSS-annotation-popup-vulnerability.patch
* Security: Fix annotation popup XSS vulnerability
(bsc#1170657)
- Add CVE-2019-15043.patch (SOC-10357, CVE-2019-15043, bsc#1148383)
Changes in keepalived:
- update to 2.0.19
- new BR pkgconfig(libnftnl) to fix nftables support
- add nftables to the BR
- added patch
* linux-4.15.patch
- add buildrequires for file-devel
- used in the checker to verify scripts
- enable json stats and config dump support
new BR: pkgconfig(json-c)
- enable http regexp support: new BR pcre2-devel
- disable dbus instance creation support as it is marked as
dangerous
- Add BFD build option to keepalived.spec rpm file
Issue #1114 identified that the keepalived.spec file was not being
generated to build BFD support even if keepalived had been
configured to support it.
- full changelog
https://keepalived.org/changelog.html
- update to 1.4.5:
* Update snapcraft.yaml for 1.4.x+git
* Fix generation of git-commit.h with git commit number.
* Set virtual server address family correctly.
* Set virtual server address family correctly when using tunnelled
real servers.
* Fix handling of virtual servers with no real servers at config time.
* Add warning if virtual and real servers are different address families.
Although normally the virtual server and real servers must have the
same address family, if a real server is tunnelled, the address families
can be different. However, the kernel didn't support that until 3.18,
so add a check that the address families are the same if different
address families are not supported by the kernel.
* Send correct status in Dbus VrrpStatusChange notification.
When an instance transitioned from BACKUP to FAULT, the Dbus
status change message reported the old status (BACKUP) rather than
the new status (FAULT). This commit attempts to resolved that.
* doc: ipvs schedulers update
* Fix a couple of typos in configure.ac.
* Fix namespace collision with musl if_ether.h.
* Check if return value from read_value_block() is null before using.
* Fix reporting real server stats via SNMP.
* Make checker process handle RTM_NEWLINK messages with -a option
Even though the checker process doesn't subscribe to RTNLGRP_LINK
messages, it appears that older kernels (certainly 2.6.32) can
send RTM_NEWLINK (but not RTM_DELLINK) messages. This occurs
when the link is set to up state.
Only the VRRP process is interested in link messages, and so the
checker process doesn't do the necessary initialisation to be able
to handle RTM_NEWLINK messages.
This commit makes the checker process simply discard RTM_NEWLINK
and RTM_DELLINK messages, rather than assuming that if it receives
an RTM_NEWLINK message it must be the VRRP process.
This problem was reported in issue #848 since the checker process
was segfaulting when a new interface was added when the -a command
line option was specified.
* Fix handling RTM_NEWLINK when building without VRRP code.
* Fix building on Fedora 28.
net-snmp-config output can include compiler and linker flags that
refer to spec files that were used to build net-snmp but may not
exist on the system building keepalived. That would cause the build
done by configure to test for net-snmp support to fail; in particular
on a Fedora 28 system that doesn't have the redhat-rpm-config package
installed.
This commit checks that any spec files in the compiler and linker
flags returned by net-snmp-config exist on the system building
keepalived, and if not it removes the reference(s) to the spec file(s).
* keepalived-1.4.3 released.
* vrrp: setting '0' as default value for ifa_flags to make gcc happy.
* Add additional libraries when testing for presence of SSL_CTX_new().
It appears that some systems need -lcrypto when linking with -lssl.
* Sanitise checking of libnl3 in configure.ac.
* Report and handle missing '}'s in config files.
* Add missing '\n' in keepalived.data output.
* Stop backup taking over as master while master reloads.
If a reload was initiated just before an advert, and since it took
one advert interval after a reload before an advert was sent, if the
reload itself took more than one advert interval, the backup could
time out and take over as master.
This commit makes keepalived send adverts for all instances that are
master immediately before a reload, and also sends adverts immediately
after a reload, thereby trippling the time available for the reload
to complete.
* Add route option fastopen_no_cookie and rule option l3mdev.
* Fix errors in KEEPALIVED-MIB.txt.
* Simplify setting on IN6_ADDR_GEN_MODE.
* Cosmetic changes to keepalived(8) man page.
* Don't set ipvs sync daemon to master state before becoming master
If a vrrp instance which was the one specified for the ipvs sync
daemon was configured with initial state master, the sync daemon
was being set to master mode before the vrrp instance transitioned
to master mode. This caused an error message when the vrrp instance
transitioned to master and attempted to make the sync daemon go from
backup to master mode.
This commit stops setting the sync daemon to master mode at initialisation
time, and it is set to master mode when the vrrp instance transitions
to master.
* Fix freeing vector which has not had any entries allocated.
* Add additional mem-check disgnostics
vector_alloc, vectot_alloc_slot, vector_free and alloc_strvec all
call MALLOC/FREE but the functions written in the mem_check log
are vector_alloc etc, not the functions that call them.
This commit adds logging of the originating calling function.
* Fix memory leak in parser.c.
* Improve alignment of new mem-check logging.
* Disable all checkers on a virtual server when ha_suspend set.
Only the first checker was being disabled; this commit now disables
all of them.
Also, make the decision to disable a checker when starting/reloading
when scheduling the checker, so that the existance of the required
address can be checked.
* Stop genhash segfaulting when built with --enable-mem-check.
* Fix memory allocation problems in genhash.
* Properly fix memory allocation problems in genhash.
* Fix persistence_granularity IPv4 netmask validation.
The logic test from inet_aton() appears to be inverted.
* Fix segfault when checker configuration is missing expected parameter
Issue #806 mentioned as an aside that 'nb_get_retry' without a parameter
was sigfaulting. Commit be7ae80 - 'Stop segfaulting when configuration
keyword is missing its parameter' missed the 'hidden' uses of vector_slot()
(i.e. those used via definitions in header files).
This commit now updates those uses of vector_slot() to use strvec_slot()
instead.
* Fix compiling on Linux 2.x kernels.
There were missing checks for HAVE_DECL_CLONE_NEWNET causing
references to an undeclared variable if CLONE_NEWNET wasn't defined.
* Improve parsing of kernel release.
The kernel EXTRAVERSION can start with any character (although
starting with a digit would be daft), so relax the check for it
starting with a '-'. Kernels using both '+' and '.' being the
first character of EXTRAVERSION have been reported.
* Improve grammer.
* add support for SNI in SSL_GET check.
this adds a `enable_sni` parameter to SSL_GET, making sure the check
passes the virtualhost in the SNI extension during SSL handshake.
* Optimise setting host name for SSL_GET requests with SNI.
* Allow SNI to be used with SSL_GET with OpenSSL v1.0.0 and LibreSSL.
* Use configure to check for SSL_set_tlsext_host_name()
Rather than checking for a specific version of the OpenSSL library
(and it would also need checking the version of the LibreSSL library)
let configure check for the presence of SSL_set_tlsext_host_name().
Also omit all code related to SNI of SSL_set_tlsext_host_name() is
not available.
* Use configure to determine available OpenSSL functionality
Rather than using version numbers of the OpenSSL library to determine
what functions are available, let configure determine whether the
functions are supported.
The also means that the same tests work for LibreSSL.
* Add support for gratuitous ARPs for IP over Infiniband.
* Use system header definition instead of local definition IF_HWADDR_MAX
linux/netdevice.h has definition MAX_ADDR_LEN, which is 32, whereas
IF_HWADDR_MAX was locally defined to be 20.
Unfortunately we end up with more system header file juggling to ensure
we don't have duplicate definitions.
* Fix vrrp_script and check_misc scripts of type </dev/tcp/127.0.0.1/80.
* Add the first pre-defined config definition (${_PWD})
${_PWD} in a configuration file will be replaced with the full
path name of the directory that keepalived is reading the current
configuration file from.
* Open and run the notify fifo and script if no other fifo
Due to the way the code was structured the notify_fifo for both
checker and vrrp messages wasn't run if neither the vrrp or checker
fifo wasn't configured.
Also, if all three fifos were configured, the general fifo script
was executed by both the vrrp and checker process, causing problems.
* Add support for Infiniband interfaces when dumping configuration.
* Tidy up layout in vrrp_arp.c.
* Add configure check for support of position independant executables (PIE).
* Add check for -pie support, and fix writing to keepalived.data.
* keepalived-1.4.2 released.
* Make genhash exit with exit code 1 on error.
Issue #766 identified that genhash always exits with exit code 1
even if an error has occurred.
* Rationalise printing of http header in genhash.
* Use http header Content-Length field in HTTP_CHECK/SSL_CHECK.
If a Content-Length is supplied in the http header, use that as a
limit to the data length (as wget does). If the length of data
received does not match the Content-Length log a warning.
* Optimise parameter passing to fprintf in genhash.
* Don't declare mark variable if don't have MARK socket option.
* Fix sync groups with only one member.
Commit c88744a0 allowed sync groups with only 1 member again, but
didn't stop removing the sync group if there was only 1 member.
This commit now doesn't remove sync groups with only one member.
* Make track scripts work with --enable-debug config option.
* Add warning if --enable-debug configure option is used.
* Allow more flexibility of layout of { and } in config files.
keepalived was a bit fussy about where '{'s and '}'s (braces) could
be placed in terms of after the keyword, or on a line on their own.
It certainly was not possible to have multiple braces on one line.
This commit now provides complete flexibility of where braces are, so
long as they occur in the correct order.
* Make alloc_value_block() report block type if there is an error.
* Simplify alloc_value_block() by using libc string functions.
* Add dumping of garp delay config when using -d option.
* Fix fractions of seconds for garp group garp_interval.
* Make read_value_block() use alloc_value_block().
This removes quite a bit of duplication of functionality, and
ensures the configuration parsing will be more consistent.
* Fix build with Linux kernel headers v4.15.
Linux kernel version 4.15 changed the libc/kernel headers suppression
logic in a way that introduces collisions.
* Add missing command line options to keepalived(8) man page.
* Fix --dont-release-vrrp.
On github, ushuz reported that commit 62e8455 - 'Don't delete vmac
interfaces before dropping multicast membership' broke --dont-release-vrrp.
This commit restores the correct functionality.
* Define _GNU_SOURCE for all compilation units.
Rather than defining _GNU_SOURCE when needed, let configure add
it to the flags passed to the C compiler, so that it is defined
for all compilation units. This ensures consistence.
* Fix new warnings procuded by gcc 8.
* Fix dumping empty lists.
Add a check in dump_list() for an empty list, and don't attempt
to dump it if it is empty.
* Resolve conversion-check compiler warnings.
* Add missing content to installing_keepalived.rst documentation.
Issue #778 identified that there was text missing at the end of
the document, and that is now added.
* Fix systemd service to start after network-online.target.
This fix was merged downstream by RedHat in response to
RHBZ #1413320.
* Update INSTALL file to describe packages needed for building
documentation.
* INSTALL: note linux distro package that provides 'sphinx_rtd_theme'
* Clear /proc/sys/net/ipv6/conf/IF/disable_ipv6 when create VMACs.
An issue was identified where keepalived was reporting permission
denied when attempting to add an IPv6 address to a VMAC interface.
It turned out that this was because
/proc/sys/net/ipv6/conf/default/disable_ipv6
was set to 1, causing IPv6 to be disables on all interfaces that
keepalived created.
This commit clears disable_ipv6 on any VMAC interfaces that
keepalived creates if the vrrp instance is using IPv6.
- remove linux-4.15.patch: does not apply anymore and not needed
(the distros using 4.15 have moved on to keepalived 2.x)
- Only Require insserv on distributions without systemd.
- Fix systemd related requires/buildRequires
- Do not run scriptlets that use insserv when using systemd
- add linux-4.15.patch
Changes in kibana:
- Add 0001-Configurable-custom-response-headers-for-server.patch
(bsc#1171909, CVE-2020-10743)
Changes in memcached:
- version update to 1.5.17
* bugfixes
fix strncpy call in stats conns to avoid ASAN violation (bsc#1149110, CVE-2019-15026)
extstore: fix indentation
add error handling when calling dup function
add unlock when item_cachedump malloc failed
extstore: emulate pread(v) for macOS
fix off-by-one in logger to allow CAS commands to be logged.
use strdup for explicitly configured slab sizes
move mem_requested from slabs.c to items.c (internal cleanup)
* new features
add server address to the 'stats conns' output
log client connection id with fetchers and mutations
Add a handler for seccomp crashes
- version update to 1.5.16
* bugfixes
When nsuffix is 0 space for flags hasn't been allocated so don't memcpy them.
- version update to 1.5.15
* bugfixes
Speed up incr/decr by replacing snprintf.
Use correct buffer size for internal URI encoding.
change some links from http to https
Fix small memory leak in testapp.c.
free window_global in slab_automove_extstore.c
remove inline_ascii_response option
-Y [filename] for ascii authentication mode
fix: idle-timeout wasn't compatible with binprot
* features
-Y [authfile] enables an authentication mode for ASCII protocol.
- modified patches
% memcached-autofoo.patch (refreshed)
- version update to 1.5.14
* update -h output for -I (max item size)
* fix segfault in 'lru' command (bsc#1133817, CVE-2019-11596)
* fix compile error on centos7
* extstore: error adjusting page_size after ext_path
* extstore: fix segfault if page_count is too high.
* close delete + incr item survival race bug
* memcached-tool dump fix loss of exp value
* Fix 'qw' in 'MemcachedTest.pm' so wait_ext_flush is exported properly
* Experimental TLS support.
* Basic implementation of TLS for memcached.
* Improve Get And Touch documentation
* fix INCR/DECR refcount leak for invalid items
- modified patches
% memcached-autofoo.patch (refreshed)
- Version bump to 1.5.11:
* extstore: balance IO thread queues
- Drop memcached-fix_test.patch that is present now upstream
- Add patch to fix aarch64, ppc64* and s390x tests:
* memcached-fix_test.patch
- Fix linter errors regarding COPYING
- update to 1.5.10:
* disruptive change in extstore: -o ext_page_count= is deprecated
and no longer works. To specify size: -o ext_path=/d/m/e:500G
extstore figures out the page count based on your desired page
size. M|G|T|P supported.
* extstore: Add basic JBOD support: ext_path can be specified
multiple times for striping onto simimar devices
* fix alignment issues on some ARM platforms for chunked items
- Update to 1.5.9:
* Bugfix release.
* Important note: if using --enable-seccomp, privilege dropping
is no longer on by default. The feature is experimental and many
users are reporting hard to diagnose problems on varied platforms.
* Seccomp is now marked EXPERIMENTAL, and must be explicitly
enabled by adding -o drop_privileges. Once we're more confident
with the usability of the feature, it will be enabled in -o modern,
like any other new change. You should only use it if you are
willing to carefully test it, especially if you're a vendor or
distribution.
* Also important is a crash fix in extstore when using the ASCII
protocol, large items, and running low on memory.
- update to 1.5.8:
* Bugfixes for seccomp and extstore
* Extstore platform portability has been greatly improved for ARM
and 32bit systems
- includes changes from 1.5.7:
* Fix alignment issues for 64bit ARM processors
* Fix seccomp portability
* Fix refcount leak with extstore while using binary touch commands
- turn on the testsuite again, it seems to pass server side,
too
- Home directory shouldn't be world readable bsc#1077718
- Mention that this stream isn't affected by bsc#1085209,
CVE-2018-1000127 to make the checker bots happy.
- update to 1.5.6 (bsc#1083903, CVE-2018-1000115):
* This update disables UDP by default to reduce DDoS amplification
attacks
* see https://github.com/memcached/memcached/wiki/ReleaseNotes156
* see https://github.com/memcached/memcached/wiki/ReleaseNotes155
* see https://github.com/memcached/memcached/wiki/ReleaseNotes154
* see https://github.com/memcached/memcached/wiki/ReleaseNotes153
* see https://github.com/memcached/memcached/wiki/ReleaseNotes152
* see https://github.com/memcached/memcached/wiki/ReleaseNotes151
* see https://github.com/memcached/memcached/wiki/ReleaseNotes150
- Replace references to /var/adm/fillup-templates with new
%_fillupdir macro (boo#1069468)
Changes in monasca-installer:
- Add 0001-kibana:-set-x-frame-options-header.patch (bsc#1171909,
CVE-2020-10743)
Changes in openstack-dashboard-theme-SUSE:
- Switch github URL from git@ to git:// to bypass authentication
Changes in openstack-manila:
- Add 0001-Fix-exportfs-u-usage-in-generic-driver.patch
Backported from upstream patch https://review.opendev.org/#/c/411631/
Related Bug (SOC-9801)
Changes in openstack-neutron-fwaas:
- Add 0050-Remove-tempest-shared-physical-network.patch (SOC-9801)
This tempest configuration option is not present in tempest, as
it was only added after the SOC7 release cut.
Changes in openstack-nova:
- Add 0001-live-mig-keep-disk-device-address-same.patch (bsc#1164316)
- Fix for https://bugs.launchpad.net/nova/+bug/1715569
Changes in openstack-tempest:
- Add 0001-Use-available-scheduler-filters.patch
Backported from upstream patch https://review.opendev.org/#/c/570207/
Related Bugs: SOC-9801,SOC-11174
- Add 0001-Remove-volume_feature_enabled.volume_services.patch
Backported from upstream patch https://review.opendev.org/#/c/438220/
Related Bug (SOC-9801)
Changes in python-cffi:
- Do not build python3 subpackages as C:OS:Newton does not support
it
- provide also python-cffi = 1.10.0 and 1.5.2 to avoid breaking the
cloud 7 and 8 requirements (bsc#948198)
- Update in SLE-12 (bsc#1138748, jsc#ECO-1256, jsc#PM-1598)
- Add dont-corrupt-memory.patch to fix boo#1111657 (originally
from https://bitbucket.org/cffi/cffi/commits/7a76a3815340)
- build python3 subpackage (FATE#324435, FATE#323875)
- Add patch cffi-loader.patch to fix bsc#1070737
- Sort out with spec-cleaner
- update to version 1.11.2:
* Fix Windows issue with managing the thread-state on CPython 3.0 to
3.5
- Update pytest in spec to add c directory tests in addition to
testing directory.
- Omit test_init_once_multithread tests as they rely on multiple
threads finishing in a given time. Returns sporadic pass/fail
within build.
- Update to 1.11.1:
* Fix tests, remove deprecated C API usage
* Fix (hack) for 3.6.0/3.6.1/3.6.2 giving incompatible binary
extensions (cpython issue #29943)
* Fix for 3.7.0a1+
- Update to 1.11.0:
* Support the modern standard types char16_t and char32_t. These
work like wchar_t: they represent one unicode character, or when
used as charN_t * or charN_t[] they represent a unicode string.
The difference with wchar_t is that they have a known, fixed
size. They should work at all places that used to work with
wchar_t (please report an issue if I missed something). Note
that with set_source(), you need to make sure that these types
are actually defined by the C source you provide (if used in
cdef()).
* Support the C99 types float _Complex and double _Complex. Note
that libffi doesn’t support them, which means that in the ABI
mode you still cannot call C functions that take complex
numbers directly as arguments or return type.
* Fixed a rare race condition when creating multiple FFI instances
from multiple threads. (Note that you aren’t meant to create
many FFI instances: in inline mode, you should write
ffi = cffi.FFI() at module level just after import cffi; and in
out-of-line mode you don’t instantiate FFI explicitly at all.)
* Windows: using callbacks can be messy because the CFFI internal
error messages show up to stderr—but stderr goes nowhere in many
applications. This makes it particularly hard to get started
with the embedding mode. (Once you get started, you can at least
use @ffi.def_extern(onerror=...) and send the error logs where
it makes sense for your application, or record them in log
files, and so on.) So what is new in CFFI is that now, on
Windows CFFI will try to open a non-modal MessageBox (in addition
to sending raw messages to stderr). The MessageBox is only
visible if the process stays alive: typically, console
applications that crash close immediately, but that is also the
situation where stderr should be visible anyway.
* Progress on support for callbacks in NetBSD.
* Functions returning booleans would in some case still return 0
or 1 instead of False or True. Fixed.
* ffi.gc() now takes an optional third parameter, which gives an
estimate of the size (in bytes) of the object. So far, this is
only used by PyPy, to make the next GC occur more quickly
(issue #320). In the future, this might have an effect on
CPython too (provided the CPython issue 31105 is addressed).
* Add a note to the documentation: the ABI mode gives function
objects that are slower to call than the API mode does. For
some reason it is often thought to be faster. It is not!
- Update to 1.10.1:
* Fixed the line numbers reported in case of cdef() errors. Also,
I just noticed, but pycparser always supported the preprocessor
directive # 42 'foo.h' to mean “from the next line, we’re in
file foo.h starting from line 42”, which it puts in the error
messages.
- update to 1.10.0:
* Issue #295: use calloc() directly instead of PyObject_Malloc()+memset()
to handle ffi.new() with a default allocator. Speeds up ffi.new(large-array)
where most of the time you never touch most of the array.
* Some OS/X build fixes (“only with Xcode but without CLT”).
* Improve a couple of error messages: when getting mismatched versions of
cffi and its backend; and when calling functions which cannot be called with
libffi because an argument is a struct that is “too complicated” (and not
a struct pointer, which always works).
* Add support for some unusual compilers (non-msvc, non-gcc, non-icc, non-clang)
* Implemented the remaining cases for ffi.from_buffer. Now all
buffer/memoryview objects can be passed. The one remaining check is against
passing unicode strings in Python 2. (They support the buffer interface, but
that gives the raw bytes behind the UTF16/UCS4 storage, which is most of the
times not what you expect. In Python 3 this has been fixed and the unicode
strings don’t support the memoryview interface any more.)
* The C type _Bool or bool now converts to a Python boolean when reading,
instead of the content of the byte as an integer. The potential
incompatibility here is what occurs if the byte contains a value different
from 0 and 1. Previously, it would just return it; with this change, CFFI
raises an exception in this case. But this case means “undefined behavior”
in C; if you really have to interface with a library relying on this,
don’t use bool in the CFFI side. Also, it is still valid to use a byte
string as initializer for a bool[], but now it must only contain \x00 or
\x01. As an aside, ffi.string() no longer works on bool[] (but it never made
much sense, as this function stops at the first zero).
* ffi.buffer is now the name of cffi’s buffer type, and ffi.buffer() works
like before but is the constructor of that type.
* ffi.addressof(lib, 'name') now works also in in-line mode, not only in
out-of-line mode. This is useful for taking the address of global variables.
* Issue #255: cdata objects of a primitive type (integers, floats, char) are
now compared and ordered by value. For example, <cdata 'int' 42> compares
equal to 42 and <cdata 'char' b'A'> compares equal to b'A'. Unlike C,
<cdata 'int' -1> does not compare equal to ffi.cast('unsigned int', -1): it
compares smaller, because -1 < 4294967295.
* PyPy: ffi.new() and ffi.new_allocator()() did not record “memory pressure”,
causing the GC to run too infrequently if you call ffi.new() very often
and/or with large arrays. Fixed in PyPy 5.7.
* Support in ffi.cdef() for numeric expressions with + or -. Assumes that
there is no overflow; it should be fixed first before we add more general
support for arbitrary arithmetic on constants.
- do not generate HTML documentation for packages that are indirect
dependencies of Sphinx
(see docs at https://cffi.readthedocs.org/ )
- update to 1.9.1
- Structs with variable-sized arrays as their last field: now we track the
length of the array after ffi.new() is called, just like we always tracked
the length of ffi.new('int[]', 42). This lets us detect out-of-range
accesses to array items. This also lets us display a better repr(), and
have the total size returned by ffi.sizeof() and ffi.buffer(). Previously
both functions would return a result based on the size of the declared
structure type, with an assumed empty array. (Thanks andrew for starting
this refactoring.)
- Add support in cdef()/set_source() for unspecified-length arrays in
typedefs: typedef int foo_t[...];. It was already supported for global
variables or structure fields.
- I turned in v1.8 a warning from cffi/model.py into an error: 'enum xxx' has
no values explicitly defined: refusing to guess which integer type it is
meant to be (unsigned/signed, int/long). Now I’m turning it back to a
warning again; it seems that guessing that the enum has size int is a
99%-safe bet. (But not 100%, so it stays as a warning.)
- Fix leaks in the code handling FILE * arguments. In CPython 3 there is a
remaining issue that is hard to fix: if you pass a Python file object to a
FILE * argument, then os.dup() is used and the new file descriptor is only
closed when the GC reclaims the Python file object—and not at the earlier
time when you call close(), which only closes the original file descriptor.
If this is an issue, you should avoid this automatic convertion of Python
file objects: instead, explicitly manipulate file descriptors and call
fdopen() from C (...via cffi).
- When passing a void * argument to a function with a different pointer type,
or vice-versa, the cast occurs automatically, like in C. The same occurs
for initialization with ffi.new() and a few other places. However, I
thought that char * had the same property—but I was mistaken. In C you get
the usual warning if you try to give a char * to a char ** argument, for
example. Sorry about the confusion. This has been fixed in CFFI by giving
for now a warning, too. It will turn into an error in a future version.
- Issue #283: fixed ffi.new() on structures/unions with nested anonymous
structures/unions, when there is at least one union in the mix. When
initialized with a list or a dict, it should now behave more closely like
the { } syntax does in GCC.
- CPython 3.x: experimental: the generated C extension modules now use the
“limited API”, which means that, as a compiled .so/.dll, it should work
directly on any version of CPython >= 3.2. The name produced by distutils
is still version-specific. To get the version-independent name, you can
rename it manually to NAME.abi3.so, or use the very recent setuptools 26.
- Added ffi.compile(debug=...), similar to python setup.py build --debug but
defaulting to True if we are running a debugging version of Python itself.
- Removed the restriction that ffi.from_buffer() cannot be used on byte
strings. Now you can get a char * out of a byte string, which is valid as
long as the string object is kept alive. (But don’t use it to modify the
string object! If you need this, use bytearray or other official
techniques.)
- PyPy 5.4 can now pass a byte string directly to a char * argument (in older
versions, a copy would be made). This used to be a CPython-only
optimization.
- ffi.gc(p, None) removes the destructor on an object previously created by
another call to ffi.gc()
- bool(ffi.cast('primitive type', x)) now returns False if the value is zero
(including -0.0), and True otherwise. Previously this would only return
False for cdata objects of a pointer type when the pointer is NULL.
- bytearrays: ffi.from_buffer(bytearray-object) is now supported. (The reason
it was not supported was that it was hard to do in PyPy, but it works since
PyPy 5.3.) To call a C function with a char * argument from a buffer
object—now including bytearrays—you write lib.foo(ffi.from_buffer(x)).
Additionally, this is now supported: p[0:length] = bytearray-object. The
problem with this was that a iterating over bytearrays gives numbers
instead of characters. (Now it is implemented with just a memcpy, of
course, not actually iterating over the characters.)
- C++: compiling the generated C code with C++ was supposed to work, but
failed if you make use the bool type (because that is rendered as the C
_Bool type, which doesn’t exist in C++).
- help(lib) and help(lib.myfunc) now give useful information, as well as
dir(p) where p is a struct or pointer-to-struct.
- drop upstreamed python-cffi-avoid-bitshifting-negative-int.patch
- update for multipython build
- Add python-cffi-avoid-bitshifting-negative-int.patch to actually
fix the 'negative left shift' warning by replacing bitshifting
in appropriate places by bitwise and comparison to self; patch
taken from upstream git. Drop cffi-1.5.2-wnoerror.patch: no
longer required.
- disable 'negative left shift' warning in test suite to prevent
failures with gcc6, until upstream fixes the undefined code
in question (boo#981848, cffi-1.5.2-wnoerror.patch)
- Update to version 1.6.0:
* ffi.list_types()
* ffi.unpack()
* extern “Python+C”
* in API mode, lib.foo.__doc__ contains the C signature now.
* Yet another attempt at robustness of ffi.def_extern() against
CPython’s interpreter shutdown logic.
Changes in python-pylons-sphinx-themes:
- moved LICENSE.txt to docs to match old structure
- specfile:
* update copyright year
- update to version 1.0.11:
* Fix the width of linenos table column when used in code-blocks.
- Replace %fdupes -s with plain %fdupes; hardlinks are better.
- Update to version 1.0.10 (2018-09-25)
+ Add Read the Docs to the recipients of ad revenue.
- Update to version 1.0.9 (2018-09-23)
+ Remove hyphenation because it sometimes hyphenates
inappropriately, such as in code.
- Update to version 1.0.8 (2018-09-21)
+ Fix support for Ethical Ads.
- Update to version 1.0.7 (2018-09-21)
+ Added support for Ethical Ads for Read The Docs.
See https://github.com/Pylons/pylons-sphinx-themes/pull/12
- Remove superfluous devel dependency for noarch package
- Update to version 1.0.6
* Update zest.releaser in order to release to PyPI.
- Update to version 1.0.5
* Clean up licensing
https://github.com/Pylons/pylons-sphinx-themes/issues/8
- Provide/obsolete old pylons_sphinx_theme
- Update to version 1.0.4
* Specify line spacing for list items for only within the
.body class.
version 1.0.3
* Add line spacing for list items. Closes #4.
version 1.0.2:
* Remove HTTPS protocol to allow either HTTPS or HTTP.
version 1.0.1:
* Use HTTPS for protocol of stylesheets.
version 1.0:
* Use zest.releaser for releasing.
* Improve documentation.
- Converted to single-spec
- version 0.3.1: initial build
Changes in python-Django:
- Fix merge artifact in CVE-2020-13596.patch
- Add CVE-2019-19844.patch (bsc#1159447, CVE-2019-19844)
* Fix Potential account hijack via password reset form
- Security fixes (bsc#1172167, bsc#1172166, CVE-2020-13254, CVE-2020-13596)
* Added patch CVE-2020-13254.patch
* Added patch CVE-2020-13596.patch
- Set _defaultlicensedir
- Fix for SG#56542, bsc#1161349:
* Fixed CVE-2019-3498-Fixed-content-spoof.patch
- Fix for SG#56542, bsc#1161349:
* Fixed CVE-2019-3498-Fixed-content-spoof.patch
(There was a bug in this .patch file; some code had been
accidentally included in the backport, and this stopped the 404
page from loading. See commit message and bug report for more
information)
Changes in python-Pillow:
- Remove decompression_bomb.gif and relevant test case to avoid
ClamAV scan alerts during build
- Add 0008-Corrected-negative-seeks.patch
* From upstream, backported
* Fixes part of CVE-2019-16865, bsc#1153191
- Add 0009-Make-Image.crop-an-immediate-operation.patch
* From upstream, backported
* Fixes https://github.com/python-pillow/Pillow/issues/1077
* Used by 0012-Added-decompression-bomb-checks.patch
- Add 0010-Crop-decompression.patch
* From upstream, backported
* Fixes https://github.com/python-pillow/Pillow/issues/2402
* Used by 0012-Added-decompression-bomb-checks.patch
- Add 0011-Added-DecompressionBombError.patch
* From upstream, backported
* Adds DecompressionBombError class
* Used by 0012-Added-decompression-bomb-checks.patch
- Add 0012-Added-decompression-bomb-checks.patch
* From upstream, backported
* Fixes part of CVE-2019-16865, bsc#1153191
- Add 0013-Raise-error-if-dimension-is-a-string.patch
* From upstream, backported
* Fixes part of CVE-2019-16865, bsc#1153191
- Add 0014-Catch-buffer-overruns.patch
* From upstream, backported
* Fixes part of CVE-2019-16865, bsc#1153191
- Add 0015-Catch-PCX-P-mode-buffer-overrun.patch
* From upstream, backported
* Fixes CVE-2020-5312, bsc#1160152
- Add 0016-Ensure-previous-FLI-frame-is-loaded.patch
* From upstream, backported
* Fixes https://github.com/python-pillow/Pillow/issues/2649
* Uncovers CVE-2020-5313, bsc#1160153
- Add 0017-Catch-FLI-buffer-overrun.patch
* From upstream, backported
* Fixes CVE-2020-5313, bsc#1160153
- Add 018-Invalid-number-of-bands-in-FPX-image.patch
* From upstream, backported
* Fixes CVE-2019-19911, bsc#1160192
Changes in python-psql2mysql:
- Update to version 0.5.0+git.1589351878.4ef877c:
* Do not fail on instance_info length, it is expected to be LONGTEXT
- Update to version 0.5.0+git.1582192453.98e9561:
* Neutron drivers use own naming for alembic migrations, e.g. cisco_alembic_version, aci_alembic_version, etc depending on driver.
Changes in python-psutil:
- Add bsc1156525-CVE-2019-18874.patch (bsc#1156525, CVE-2019-18874)
Changes in python-py:
- update to version 1.5.2
-----------------------------------------------------------------
- update to version 1.4.33
Changes in python-py:
- update to version 1.5.2:
* fix #169, #170: error importing py.log on Windows: no module named
'syslog'.
- changes from version 1.5.1:
* fix #167 - prevent pip from installing py in unsupported Python
versions.
- changes from version 1.5.0:
* python 2.6 and 3.3 are no longer supported
* deprecate py.std and remove all internal uses
* fix #73 turn py.error into an actual module
* path join to / no longer produces leading double slashes
* fix #82 - remove unsupportable aliases
* fix python37 compatibility of path.sysfind on windows by correctly
replacing vars
* turn iniconfig and apipkg into vendored packages and ease
de-vendoring for distributions
* fix #68 remove invalid py.test.ensuretemp references
* fix #25 - deprecate path.listdir(sort=callable)
* add TerminalWriter.chars_on_current_line read-only property that
tracks how many characters have been written to the current line.
- changes from version 1.4.34
* fix issue119 / pytest issue708 where tmpdir may fail to make
numbered directories when the filesystem is case-insensitive.
- update to version 1.4.33:
* avoid imports in calls to py.path.local().fnmatch(). Thanks
Andreas Pelme for the PR.
* fix issue106: Naive unicode encoding when calling fspath() in
python2. Thanks Tiago Nobrega for the PR.
* fix issue110: unittest.TestCase.assertWarns fails with py
imported.
- changes from version 1.4.32
* fix issue70: aded ability to copy all stat info in
py.path.local.copy.
* make TerminalWriter.fullwidth a property. This results in the
correct value when the terminal gets resized.
* update supported html tags to include recent additions.
Thanks Denis Afonso for the PR.
* Remove internal code in ``Source.compile`` meant to support
earlier Python 3 versions that produced the side effect
of leaving ``None`` in ``sys.modules`` when called (see
pytest-dev/pytest#2103). Thanks Bruno Oliveira for the PR.
Changes in python-pysaml2:
- Add 0001-Always-generate-a-random-IV-for-AES-operations.patch
(CVE-2017-1000246, bsc#1068612)
- Add 0001-Fix-XML-Signature-Wrapping-XSW-vulnerabilities.patch
(CVE-2020-5390, bsc#1160851)
Changes in python-waitress:
- update to 1.4.3 to include fixes for:
* CVE-2019-16785 / bsc#1161088
* CVE-2019-16786 / bsc#1161089
* CVE-2019-16789 / bsc#1160790
* CVE-2019-16792 / bsc#1161670
- moved LICENSE.txt to docs to match old structure
- make sure UTF8 locale is used when runnning tests
* Sometimes functional tests executed in python3 failed if stdout was not
set to UTF-8. The error message was:
ValueError: underlying buffer has been detached
- %python3_only -> %python_alternative
- update to 1.4.3
* Waitress did not properly validate that the HTTP headers it received
were properly formed, thereby potentially allowing a front-end server
to treat a request different from Waitress. This could lead to HTTP
request smuggling/splitting.
- drop patch local-intersphinx-inventories.patch
* it was commented out, anyway
- update to 1.4.0:
- Waitress used to slam the door shut on HTTP pipelined requests without
setting the ``Connection: close`` header as appropriate in the response. This
is of course not very friendly. Waitress now explicitly sets the header when
responding with an internally generated error such as 400 Bad Request or 500
Internal Server Error to notify the remote client that it will be closing the
connection after the response is sent.
- Waitress no longer allows any spaces to exist between the header field-name
and the colon. While waitress did not strip the space and thereby was not
vulnerable to any potential header field-name confusion, it should have sent
back a 400 Bad Request. See https://github.com/Pylons/waitress/issues/273
- CRLR handling Security fixes
- update to 1.3.1
* Waitress won’t accidentally throw away part of the path if it
starts with a double slash
- version update to 1.3.0
Deprecations
~~~~~~~~~~~~
- The ``send_bytes`` adjustment now defaults to ``1`` and is deprecated
pending removal in a future release.
and https://github.com/Pylons/waitress/pull/246
Features
~~~~~~~~
- Add a new ``outbuf_high_watermark`` adjustment which is used to apply
backpressure on the ``app_iter`` to avoid letting it spin faster than data
can be written to the socket. This stabilizes responses that iterate quickly
with a lot of data.
See https://github.com/Pylons/waitress/pull/242
- Stop early and close the ``app_iter`` when attempting to write to a closed
socket due to a client disconnect. This should notify a long-lived streaming
response when a client hangs up.
See https://github.com/Pylons/waitress/pull/238
and https://github.com/Pylons/waitress/pull/240
and https://github.com/Pylons/waitress/pull/241
- Adjust the flush to output ``SO_SNDBUF`` bytes instead of whatever was
set in the ``send_bytes`` adjustment. ``send_bytes`` now only controls how
much waitress will buffer internally before flushing to the kernel, whereas
previously it used to also throttle how much data was sent to the kernel.
This change enables a streaming ``app_iter`` containing small chunks to
still be flushed efficiently.
See https://github.com/Pylons/waitress/pull/246
Bugfixes
~~~~~~~~
- Upon receiving a request that does not include HTTP/1.0 or HTTP/1.1 we will
no longer set the version to the string value 'None'. See
https://github.com/Pylons/waitress/pull/252 and
https://github.com/Pylons/waitress/issues/110
- When a client closes a socket unexpectedly there was potential for memory
leaks in which data was written to the buffers after they were closed,
causing them to reopen.
See https://github.com/Pylons/waitress/pull/239
- Fix the queue depth warnings to only show when all threads are busy.
See https://github.com/Pylons/waitress/pull/243
and https://github.com/Pylons/waitress/pull/247
- Trigger the ``app_iter`` to close as part of shutdown. This will only be
noticeable for users of the internal server api. In more typical operations
the server will die before benefiting from these changes.
See https://github.com/Pylons/waitress/pull/245
- Fix a bug in which a streaming ``app_iter`` may never cleanup data that has
already been sent. This would cause buffers in waitress to grow without
bounds. These buffers now properly rotate and release their data.
See https://github.com/Pylons/waitress/pull/242
- Fix a bug in which non-seekable subclasses of ``io.IOBase`` would trigger
an exception when passed to the ``wsgi.file_wrapper`` callback.
See https://github.com/Pylons/waitress/pull/249
- Trim marketing wording and other platform mentions.
- Add fetch-intersphinx-inventories.sh to sources
- Add local-intersphinx-inventories.patch for generating the docs
correctly
- update to version 1.2.1:
too many changes to list here, see:
https://github.com/Pylons/waitress/blob/master/CHANGES.txt
or even:
https://github.com/Pylons/waitress/commits/master
- Remove superfluous devel dependency for noarch package
- update to version 1.1.0:
* Features
+ Waitress now has a __main__ and thus may be called with 'python
-mwaitress'
* Bugfixes
+ Waitress no longer allows lowercase HTTP verbs. This change was
made to fall in line with most HTTP servers. See
https://github.com/Pylons/waitress/pull/170
+ When receiving non-ascii bytes in the request URL, waitress will
no longer abruptly close the connection, instead returning a 400
Bad Request. See https://github.com/Pylons/waitress/pull/162 and
https://github.com/Pylons/waitress/issues/64
- Update to 1.0.2
* Python 3.6 is now officially supported in Waitress
* Add a work-around for libc issue on Linux not following the
documented standards. If getnameinfo() fails because of DNS not
being available it should return the IP address instead of the
reverse DNS entry, however instead getnameinfo() raises. We
catch this, and ask getnameinfo() for the same information
again, explicitly asking for IP address instead of reverse
DNS hostname.
- Implement single-spec version.
- Fix source URL.
- update to 1.0.1:
- IPv6 support on Windows was broken due to missing constants in the socket
module. This has been resolved by setting the constants on Windows if they
are missing. See https://github.com/Pylons/waitress/issues/138
- A ValueError was raised on Windows when passing a string for the port, on
Windows in Python 2 using service names instead of port numbers doesn't work
with `getaddrinfo`. This has been resolved by attempting to convert the port
number to an integer, if that fails a ValueError will be raised. See
https://github.com/Pylons/waitress/issues/139
- Removed `AI_ADDRCONFIG` from the call to `getaddrinfo`, this resolves an
issue whereby `getaddrinfo` wouldn't return any addresses to `bind` to on
hosts where there is no internet connection but localhost is requested to be
bound to. See https://github.com/Pylons/waitress/issues/131 for more
information.
- disable tests. need network access.
Changes in rabbitmq-server:
- Apply patches to resolve CVE-2017-4967,CVE-2017-4965 (bsc#1037777)
0001-Escape-HTML-tags-in-policy-definition-fields.patch
0002-Don-t-echo-provided-encoding-value-back.patch
0003-Strip-off-pids-and-format-consumer-details-for-2-end.patch
0004-Format-Web-contexts.patch
Changes in release-notes-suse-openstack-cloud:
- Switch github URL from git@ to https:// to bypass authentication
Changes in rubygem-activeresource:
- Add bsc#1171560-CVE-2020-8151-encode-id-param.patch
Prevent possible information disclosure issue that could allow
an attacker to create specially crafted requests to access data
in an unexpected way (bsc#1171560 CVE-2020-8151))
Changes in rubygem-crowbar-client:
- Update to 3.9.2
- Enable SES commands in Cloud8 (SOC-11122)
Changes in rubygem-json-1_7:
- Add CVE-2020-10663.patch (CVE-2020-10663, bsc#1167244)
Changes in rubygem-puma:
- Fix indentation in gem2rpm.yml
- Add CVE-2020-11077.patch (bsc#1172175, CVE-2020-11077)
- Add chunked-request-handling.patch (needed for CVE-2020-11076.patch)
- Add CVE-2020-11076.patch (bsc#1172176, CVE-2020-11076)
- Add all patches to gem2rpm.yml
- Add CVE-2020-5247.patch (bsc#1165402)
'Fixes a problem where we were not splitting newlines in headers
according to Rack spec'
The patch is reduced compared to the upstream version, which was
patching also the parts that are not implemented in our old Puma
version. This applies to unit test as well.
Changes in zookeeper:
- Apply 0002-Apply-patch-to-resolve-CVE-2019-0201.patch
This applies the patch for ZOOKEEPER-1392 to resolve CVE-2019-0201
Should not allow to read ACL when not authorized to read node
(bsc#1135773)
- Various cleanups in spec file
Patchnames
SUSE-2020-2072,SUSE-OpenStack-Cloud-7-2020-2072
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "low", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for ansible, crowbar-core, crowbar-ha, crowbar-openstack, etcd, flannel, grafana, keepalived, kibana, memcached, monasca-installer, openstack-dashboard-theme-SUSE, openstack-manila, openstack-neutron-fwaas, openstack-nova, openstack-tempest, python-Django, python-Pillow, python-psql2mysql, python-psutil, python-py, python-pysaml2, python-waitress, rabbitmq-server, release-notes-suse-openstack-cloud, zookeeper", title: "Title of the patch", }, { category: "description", text: "This update for ansible, crowbar-core, crowbar-ha, crowbar-openstack, etcd, flannel, grafana, keepalived, kibana, memcached, monasca-installer, openstack-dashboard-theme-SUSE, openstack-manila, openstack-neutron-fwaas, openstack-nova, openstack-tempest, python-Django, python-Pillow, python-psql2mysql, python-psutil, python-py, python-pysaml2, python-waitress, rabbitmq-server, release-notes-suse-openstack-cloud, zookeeper fixes the following issues:\n\nSecurity fixes included ins this update:\n\nansible\n- CVE-2019-3828: Fixed a path traversal in the fetch module (bsc#1126503).\n\ngrafana\n- CVE-2020-13379: Fixed an incorrect access control issue which could\nlead to information leaks or denial of service (bsc#1172409).\n- CVE-2020-12052: Fixed an cross site scripting vulnerability related to\nthe annotation popup (bsc#1170657).\n\nkibana\n- CVE-2020-10743: Fixed a clickjacking vulnerability (bsc#1171909).\n\nmemcached (to version 1.5.17)\n- CVE-2019-15026: Fixed a stack-based buffer over-read\nin conn_to_str()n (bsc#1149110).\n- CVE-2019-11596: Fixed a denial of service in the 'lru' command\n(bsc#1133817)\n- CVE-2018-1000115: Disabled UDP by default to reduce DDoS amplification\nattacks (bsc#1083903).\n\npython-Django\n- CVE-2020-13254: Fixed a data leakage via malformed memcached keys\n(bsc#1172167).\n- CVE-2020-13596: Fixed a cross site scripting vulnerability related to\nthe admin parameters of the ForeignKeyRawIdWidget (bsc#1172166).\n- Fixed a regression with the fix for CVE-2019-3498 (bsc#1161349).\n\npython-Pillow\n- CVE-2019-16865: Fixed a denial of service with specially crafted\nimage files (bsc#1153191).\n- CVE-2020-5312: Fixed a buffer overflow in the PCX P mode (bsc#1160152).\n- CVE-2020-5313: Fixed a buffer overflow related to FLI (bsc#1160153).\n- CVE-2019-19911: Fixed a denial of service in FpxImagePlugin.py\n(bsc#1160192).\n\npython-pysaml2\n- CVE-2020-5390: Fixed an issue with the verification of signatures in\nSAML documents (bsc#1160851)\n- CVE-2017-1000246: Fixed an issue with weak encryption data, caused by\ninitialization vector reuse(bsc#1068612).\n\npython-waitress (to version 1.4.3)\n- CVE-2019-16785: Fixed HTTP request smuggling through LF vs CRLF\nhandling (bsc#1161088).\n- CVE-2019-16786: Fixed HTTP request smuggling through invalid\nTransfer-Encoding (bsc#1161089).\n- CVE-2019-16789: Fixed HTTP Request Smuggling through invalid\nwhitespace characters (bsc#1160790).\n- CVE-2019-16792: Fixed HTTP Request Smuggling through Content-Length\nheader handling (bsc#1161670).\n\nrubygem-activeresource\n- CVE-2020-8151: Fixed information disclosure issue through specially\ncrafted requests (bsc#1171560)\n\nrubygem-json-1_7\n- CVE-2020-10663: Fixed Unsafe Object Creation Vulnerability in JSON\n(bsc#1167244)\n\nrubygem-puma\n- CVE-2020-11077: Fixed HTTP Request Smuggling through proxy (bsc#1172175)\n- CVE-2020-11076: Fixed HTTP Request smuggling through invalid\nTransfer-Encoding header.\n- CVE-2020-5247: Fixed HTTP Response Splitting through newline characters\nhandling (bsc#1165402)\n\nzookeeper:\n- CVE-2019-0201: Fixed an information disclosure related to\ngetACL() (bsc#1135773).\n\nNon security fixes included in this update:\n\nChanges in ansible:\n- Add 0001-Disallow-use-of-remote-home-directories-containing-..patch\n (bsc#1126503, CVE-2019-3828)\n\nChanges in crowbar-core:\n- Update to version 4.0+git.1580209654.1d112d31f:\n * network: start OVS before wickedd (SOC-11067)\n\nChanges in crowbar-ha:\n- Update to version 4.0+git.1585316203.d6ad2c8:\n * [4.0] add ssl termination on haproxy (bsc#1149535)\n\nChanges in crowbar-openstack:\n- Update to version 4.0+git.1589804581.9972163f0:\n * [4.0] magnum: fix check for image/flavor (SOC-11251)\n\n- Update to version 4.0+git.1589647351.ccfd9481f:\n * [4.0] trove: fix rabbitmq connection URL (SOC-11286)\n\n- Update to version 4.0+git.1589458214.9f765aa08:\n * [4.0] Fix create magnum k8s image and flavor (SOC-11251)\n\n- Update to version 4.0+git.1588271860.131fc8cc1:\n * run keystone_register on cluster founder only when HA (SOC-11248)\n * nova: run keystone_register on cluster founder only (SOC-11243)\n\n- Update to version 4.0+git.1588096523.679da5c50:\n * tempest: retry openstack commands (SOC-11238)\n\n- Update to version 4.0+git.1587129016.c009e43c9:\n * Disable magnum.tests.functional.api.v1.test_cluster (SOC-11224)\n\n- Update to version 4.0+git.1587035427.abb6e9b4e:\n * Fix barbican SSL support (SOC-9298)\n\n- Update to version 4.0+git.1586421486.5601320b7:\n * Fix magnum tempest tests (SOC-9298)\n\n- Update to version 4.0+git.1585331022.609482166:\n * tempest: update blacklisted tempest test cases (SOC-9801,SOC-11174,SOC-11187)\n\n- Update to version 4.0+git.1585136604.988f3a1da:\n * Disabling failing tempest tests on SOC7\n * [4.0] ec2-api: run keystone_register on cluster founder only (SOC-11079)\n\n- Update to version 4.0+git.1582582068.c8c2448c0:\n * neutron: Place space between CLI arguments\n\n- Update to version 4.0+git.1580894959.1fe5fd282:\n * Revert '[4.0] rabbitmq: sync startup definitions.json with recipe' (SOC-11082)\n\n- Update to version 4.0+git.1580469474.967ab8baf:\n * rabbitmq: sync startup definitions.json with recipe (SOC-11077)\n\nChanges in etcd:\n- Build against go 1.6\n\n- Fix etcd build. We are generating 2 binaries, etcd and etcdctl.\n They need to be built separately \n\n- Ensure /var/lib/etcd is controlled by etcd:etcd\n\n- exclude i586. We don't expect this package to be built on i586. \n\n- remove sysconfig.etcd: this file is not being used \n\n- Update to version 3.1.0:\n * raft: add node should reset the pendingConf state\n * v3rpc: don't close watcher if client closes send\n * e2e: add test for v3 watch over grpc gateway\n * mvcc: remove unused restore method\n * integration: don't expect recv to stop on CloseSend in waitResponse\n * Documentation: add grpc gateway watch example\n * version: bump up v3.1.0-rc.1+git\n * discovery: warn on scheme mismatch\n * grpcproxy: fix deadlock on watch broadcasts stop\n * etcdmain: add '/metrics' HTTP/1 path to grpc-proxy\n * etcd-tester: do not resolve localhost\n * raftexample: confState should be saved after apply\n * raft: test case to check the duplicate add node propose\n * raft: fix test case, should wait config propose applied\n * raft: fix test case for data race\n * raft: use the channel instead of sleep to make test case reliable\n * raft: fix TestNodeProposeAddDuplicateNode\n * etcdmain: handle TLS in grpc-proxy listener\n * etcd-tester:limit max retry backoff delay\n * functional-tester: add withBlock() to grpc dial\n * op-guide: add notes about Prometheus data source in Grafana\n * clientv3: return copy of endpoints, not pointer\n * auth: add a timeout mechanism to simple token\n * client: update README about health monitoring\n * grpcproxy: fix race between watch ranges delete() and broadcasts empty()\n * lease: Use monotonic time in lease\n * integration: use Range to wait for reboot in quota tests\n * grpcproxy: fix race between coalesce and bcast on nextrev\n * etcd-tester: refactor lease checker\n * store: check sorted order in TestStoreGetSorted\n * vendor: bump go-systemd to v14 to avoid build error\n * integration: cancel Watch when TestV3WatchWithPrevKV exits\n * grpcproxy: add richer metrics for watch\n * grpcproxy: add cache related metrics\n * raft: Fix election 'logs converge' test\n * raft: Export Progress.IsPaused\n * benchmark: add rate limit\n * etcdctl: remove GetUser check before mutable commands\n * grpcproxy: lock store when getting size\n * Documentation: link added to libraries-and-tools.md with a new v2 Scala Client\n * grpcproxy: fix deadlock in watchbroadcast\n * etcdserver: time out when readStateC is blocking\n * store: fix store_test.go comments\n * vendor: update ugorji/go\n * client: update generated ugorji codec\n * doc: initial faq\n * clientv3/integration: test lease keepalive works following quorum loss\n * integration: use RequireLeader for TestV3LeaseFailover\n * v3rpc, etcdserver, leasehttp: ctxize Renew with request timeout\n * Documentation: add blox and chain as users\n * etcdserver: do not send v2 sync if ttl keys do not exist\n * ROADMAP: update for 3.2\n * Documentation: add more FAQ questions\n * grpcproxy: fix minor typo\n * vendor: use versions when possible in glide.yaml\n * scripts: use glide update if repo exists in glide.lock\n * github: make bug reporting link non-relative\n * github: make contribution link non-relative\n * Documentation: update get examples to be clearer about ranges\n * etcdserver, embed, v2http: move pprof setup to embed\n * doc: add faq about apply warning logging\n * test: exclude '_home' for gosimple, unused\n * auth: fix gosimple errors\n * integration: simplify boolean comparison in resp.Created\n * raft: simplify boolean comparison, remove unused\n * tools: simplify boolean comparison, remove unused\n * e2e: remove unused 'ctlV3GetFailPerm'\n * v3rpc: remove unused 'splitMethodName' function\n * grpcproxy: remove unused field 'wbs *watchBroadcasts'\n * doc: add faq about missing heartbeat\n * etcdctl: 'fields' output formats\n * build: remove dir use -r flag\n * etcd-tester: add 'enable-pprof' option\n * etcd-tester: cancel lease stream; fix OOM panic\n * doc: add hardware section\n * auth: improve 'removeSubsetRangePerms' to O(n)\n * Documentation: use port 2379 in local cluster guide The port in endpoints should be 2379, instead of 12379.\n * op-guide/clustering: fix typo\n * embed: deep copy user handlers\n * Documentation: add more FAQs (follower, leader, sys-require)\n * clientv3: close Lease on client Close\n * netutil: ctx-ize URLStringsEqual\n * etcdserver: retry for 30s on advertise url check\n * membership: retry for 30s on advertise url check\n * clientv3: return error from KeepAlive if corresponding loop exits\n * clientv3: add test for keep alive loop exit case\n * auth, etcdserver: protect membership change operations with auth\n * e2e: test cases of protecting membership change with auth\n * clientv3: better error message for keep alive loop halt\n * Documentation: FAQ entry for cluster ID mismatches\n * dev-guide: add limit.md\n * Documentation: minor fix nodes -> node\n * etcdctl: warn when backend takes too long to open on migrate\n * docs: explicitly set ETCDCTL_API=3 in recovery.md\n * v3api, rpctypes: add ErrTimeoutDueToConnectionLost\n * clientv3/integration: test lease grant/keepalive with/without failures\n * clientv3: don't reset keepalive stream on grant failure\n * etcdctl: tighten up output, reorganize README.md\n * Documentation: add FAQs on membership operation\n * Documentation: add 'why.md'\n * embed: only override default advertised client URL if the client listen URL is 0.0.0.0\n * raft: make memory storage set method thread safe\n * raft: resume paused followers on receipt of MsgHeartbeatResp\n * etcd-tester: fix typo, add endpoint in logs\n * lease: force leader to apply its pending committed index for lease operations\n * leasehttp: buffer error channel to prevent goroutine leak\n * raft: fix pre-vote tests\n * etcdserver: rework update committed index logic\n * etcd-tester: remove unused err var from maxRev\n * e2e: check etcdctl endpoint health is healthy if denied permission to key\n * benchmark: a new option for configuring dial timeout\n * ctlv3: consider permission denied error to be healthy for endpoints\n * etcdmain: add --metrics flag for exposing histogram metrics\n * e2e: test cluster-health\n * v2http: submit QGET in health endpoint if no progress\n * test: bump grpcproxy pass timeout to 15m\n * lease: use atomics for accessing lease expiry\n * e2e: poll '/version' in release upgrade tests\n * e2e: unset ETCDCTL_API env var before running u2e tests\n * etcdserver: consistent naming in raftReadyHandler\n * coverage: rework code coverage for unit and integration tests\n * testutil: whitelist thread created by go cover\n * rafthttp: bump up timeout in pipeline test\n * grpcproxy, etcdmain, integration: return done channel with WatchServer\n * integration: defer clus.Terminate in watch tests\n * raftexample: load snapshot when opening WAL\n * etcd-runner: make command compliant\n * raft: use status to test node stop\n * etcdserver: expose ErrNotEnoughStartedMembers\n * etcdserver: resume compactor only if leader\n * benchmark: enable grpc error logging on stderr\n * etcd-runner:add flags in watcher for hardcoded values\n * docs: fix recovery example in recovery.md\n * auth: use quorum get for GetUser/GetRole for mutable operations\n * grpcproxy: tear down watch when client context is done\n * integration: use only digits in unix ports\n * e2e: dump stack on ctlTest timeout\n * expect: EXPECT_DEBUG environment variable\n * why: add origin of the term etcd\n * testutil: increase size of buffer for stack dump\n * raft: fix test case for #7042\n * vendor: update ugorji/go\n * integration: add grpc auth testing\n * auth: reject empty user name when checking op permissions\n * etcdctl: create root role on auth enable if it does not yet exist\n * raft: add RawNode test case for #6866\n * pkg/report: support 99.9-percentile, change column name\n * documentation: display docs.md in github browser\n * benchmark: option to rate limit range benchmark\n * etcdserver, clientv3: handle a case of expired auth token\n * tools: Add etcd 3.0 load test tool refernece\n * transport: warn on user-provided CA\n * NEWS: add v3.1.0, v3.0.16 + minor fixes\n * clienv3: fix balancer test logic\n * clientv3: don't reset stream on keepaliveonce or revoke failure\n * grpcproxy: use ccache for key cache\n * vendor: remove groupcache, add ccache\n * pkg/report: add 'Stats' to expose report raw data\n * travis: use Go 1.7.4, drop old env var\n * ctlv3: print cluster info after adding new member\n * Documentation: document upgrading to v3.1\n * pkg/report: add nil checking for getTimeSeries\n * etcdserver: use ReqTimeout for linearized read\n * grpcproxy, etcdmain, integration: add close channel to kv proxy\n * glide: update 'golang.org/x/net'\n * vendor: update 'golang.org/x/net'\n * Documentation: update experimental_apis for v3.1 release\n * NEWS: fix date for v3.1 release\n * Documentation: fix typo s/endpoint-health/endpoint health/\n * clientv3/concurrency: fix rev comparison on concurrent key deletion\n * integration: test STM apply on concurrent deletion\n * pkg/flags: fixed prefix checking of the env variables\n * etcdctlv3: snapshot restore works with lease key\n * test: passed the test script arguments as the test function parameters\n * documentation: update build documentation\n * version: bump to v3.1.0\n\n- Update to version 3.1.0rc.1:\n * grpcproxy: watch next revision should be start revision when not 0\n * grpcproxy: copy range request before storing in cache\n * raft: return empty status if node is stopped\n * mvcc: store.restore taking too long triggering snapshot cycle fix\n * mvcc: TestStoreRestore fix\n * mvcc : Added benchmark for store.resotre\n * pkg/netutil: get default interface for tc commands\n * version: bump up v3.1.0-rc.1\n\nChanges in grafana:\n- Add CVE-2020-13379.patch\n * Security: fix unauthorized avatar proxying (bsc#1172409, CVE-2020-13379)\n- Refresh systemd-notification.patch\n- Fix declaration for LICENSE\n\n- Add 0002-CVE-2020-12052-bsc1170657-XSS-annotation-popup-vulnerability.patch \n * Security: Fix annotation popup XSS vulnerability \n (bsc#1170657) \n\n- Add CVE-2019-15043.patch (SOC-10357, CVE-2019-15043, bsc#1148383)\nChanges in keepalived:\n- update to 2.0.19\n- new BR pkgconfig(libnftnl) to fix nftables support\n- add nftables to the BR\n- added patch\n * linux-4.15.patch\n- add buildrequires for file-devel\n - used in the checker to verify scripts\n- enable json stats and config dump support\n new BR: pkgconfig(json-c)\n- enable http regexp support: new BR pcre2-devel\n- disable dbus instance creation support as it is marked as\n dangerous\n- Add BFD build option to keepalived.spec rpm file\n Issue #1114 identified that the keepalived.spec file was not being\n generated to build BFD support even if keepalived had been\n configured to support it.\n- full changelog\n https://keepalived.org/changelog.html\n\n- update to 1.4.5:\n * Update snapcraft.yaml for 1.4.x+git\n * Fix generation of git-commit.h with git commit number.\n * Set virtual server address family correctly.\n * Set virtual server address family correctly when using tunnelled\n real servers.\n * Fix handling of virtual servers with no real servers at config time.\n * Add warning if virtual and real servers are different address families.\n Although normally the virtual server and real servers must have the\n same address family, if a real server is tunnelled, the address families\n can be different. However, the kernel didn't support that until 3.18,\n so add a check that the address families are the same if different\n address families are not supported by the kernel.\n * Send correct status in Dbus VrrpStatusChange notification.\n When an instance transitioned from BACKUP to FAULT, the Dbus\n status change message reported the old status (BACKUP) rather than\n the new status (FAULT). This commit attempts to resolved that.\n * doc: ipvs schedulers update\n * Fix a couple of typos in configure.ac.\n * Fix namespace collision with musl if_ether.h.\n * Check if return value from read_value_block() is null before using.\n * Fix reporting real server stats via SNMP.\n * Make checker process handle RTM_NEWLINK messages with -a option\n Even though the checker process doesn't subscribe to RTNLGRP_LINK\n messages, it appears that older kernels (certainly 2.6.32) can\n send RTM_NEWLINK (but not RTM_DELLINK) messages. This occurs\n when the link is set to up state.\n Only the VRRP process is interested in link messages, and so the\n checker process doesn't do the necessary initialisation to be able\n to handle RTM_NEWLINK messages.\n This commit makes the checker process simply discard RTM_NEWLINK\n and RTM_DELLINK messages, rather than assuming that if it receives\n an RTM_NEWLINK message it must be the VRRP process.\n This problem was reported in issue #848 since the checker process\n was segfaulting when a new interface was added when the -a command\n line option was specified.\n * Fix handling RTM_NEWLINK when building without VRRP code.\n * Fix building on Fedora 28.\n net-snmp-config output can include compiler and linker flags that\n refer to spec files that were used to build net-snmp but may not\n exist on the system building keepalived. That would cause the build\n done by configure to test for net-snmp support to fail; in particular\n on a Fedora 28 system that doesn't have the redhat-rpm-config package\n installed.\n This commit checks that any spec files in the compiler and linker\n flags returned by net-snmp-config exist on the system building\n keepalived, and if not it removes the reference(s) to the spec file(s).\n * keepalived-1.4.3 released.\n * vrrp: setting '0' as default value for ifa_flags to make gcc happy.\n * Add additional libraries when testing for presence of SSL_CTX_new().\n It appears that some systems need -lcrypto when linking with -lssl.\n * Sanitise checking of libnl3 in configure.ac.\n * Report and handle missing '}'s in config files.\n * Add missing '\\n' in keepalived.data output.\n * Stop backup taking over as master while master reloads.\n If a reload was initiated just before an advert, and since it took\n one advert interval after a reload before an advert was sent, if the\n reload itself took more than one advert interval, the backup could\n time out and take over as master.\n This commit makes keepalived send adverts for all instances that are\n master immediately before a reload, and also sends adverts immediately\n after a reload, thereby trippling the time available for the reload\n to complete.\n * Add route option fastopen_no_cookie and rule option l3mdev.\n * Fix errors in KEEPALIVED-MIB.txt.\n * Simplify setting on IN6_ADDR_GEN_MODE.\n * Cosmetic changes to keepalived(8) man page.\n * Don't set ipvs sync daemon to master state before becoming master\n If a vrrp instance which was the one specified for the ipvs sync\n daemon was configured with initial state master, the sync daemon\n was being set to master mode before the vrrp instance transitioned\n to master mode. This caused an error message when the vrrp instance\n transitioned to master and attempted to make the sync daemon go from\n backup to master mode.\n This commit stops setting the sync daemon to master mode at initialisation\n time, and it is set to master mode when the vrrp instance transitions\n to master.\n * Fix freeing vector which has not had any entries allocated.\n * Add additional mem-check disgnostics\n vector_alloc, vectot_alloc_slot, vector_free and alloc_strvec all\n call MALLOC/FREE but the functions written in the mem_check log\n are vector_alloc etc, not the functions that call them.\n This commit adds logging of the originating calling function.\n * Fix memory leak in parser.c.\n * Improve alignment of new mem-check logging.\n * Disable all checkers on a virtual server when ha_suspend set.\n Only the first checker was being disabled; this commit now disables\n all of them.\n Also, make the decision to disable a checker when starting/reloading\n when scheduling the checker, so that the existance of the required\n address can be checked.\n * Stop genhash segfaulting when built with --enable-mem-check.\n * Fix memory allocation problems in genhash.\n * Properly fix memory allocation problems in genhash.\n * Fix persistence_granularity IPv4 netmask validation.\n The logic test from inet_aton() appears to be inverted.\n * Fix segfault when checker configuration is missing expected parameter\n Issue #806 mentioned as an aside that 'nb_get_retry' without a parameter\n was sigfaulting. Commit be7ae80 - 'Stop segfaulting when configuration\n keyword is missing its parameter' missed the 'hidden' uses of vector_slot()\n (i.e. those used via definitions in header files).\n This commit now updates those uses of vector_slot() to use strvec_slot()\n instead.\n * Fix compiling on Linux 2.x kernels.\n There were missing checks for HAVE_DECL_CLONE_NEWNET causing\n references to an undeclared variable if CLONE_NEWNET wasn't defined.\n * Improve parsing of kernel release.\n The kernel EXTRAVERSION can start with any character (although\n starting with a digit would be daft), so relax the check for it\n starting with a '-'. Kernels using both '+' and '.' being the\n first character of EXTRAVERSION have been reported.\n * Improve grammer.\n * add support for SNI in SSL_GET check.\n this adds a `enable_sni` parameter to SSL_GET, making sure the check\n passes the virtualhost in the SNI extension during SSL handshake.\n * Optimise setting host name for SSL_GET requests with SNI.\n * Allow SNI to be used with SSL_GET with OpenSSL v1.0.0 and LibreSSL.\n * Use configure to check for SSL_set_tlsext_host_name()\n Rather than checking for a specific version of the OpenSSL library\n (and it would also need checking the version of the LibreSSL library)\n let configure check for the presence of SSL_set_tlsext_host_name().\n Also omit all code related to SNI of SSL_set_tlsext_host_name() is\n not available.\n * Use configure to determine available OpenSSL functionality\n Rather than using version numbers of the OpenSSL library to determine\n what functions are available, let configure determine whether the\n functions are supported.\n The also means that the same tests work for LibreSSL.\n * Add support for gratuitous ARPs for IP over Infiniband.\n * Use system header definition instead of local definition IF_HWADDR_MAX\n linux/netdevice.h has definition MAX_ADDR_LEN, which is 32, whereas\n IF_HWADDR_MAX was locally defined to be 20.\n Unfortunately we end up with more system header file juggling to ensure\n we don't have duplicate definitions.\n * Fix vrrp_script and check_misc scripts of type </dev/tcp/127.0.0.1/80.\n * Add the first pre-defined config definition (${_PWD})\n ${_PWD} in a configuration file will be replaced with the full\n path name of the directory that keepalived is reading the current\n configuration file from.\n * Open and run the notify fifo and script if no other fifo\n Due to the way the code was structured the notify_fifo for both\n checker and vrrp messages wasn't run if neither the vrrp or checker\n fifo wasn't configured.\n Also, if all three fifos were configured, the general fifo script\n was executed by both the vrrp and checker process, causing problems.\n * Add support for Infiniband interfaces when dumping configuration.\n * Tidy up layout in vrrp_arp.c.\n * Add configure check for support of position independant executables (PIE).\n * Add check for -pie support, and fix writing to keepalived.data.\n * keepalived-1.4.2 released.\n * Make genhash exit with exit code 1 on error.\n Issue #766 identified that genhash always exits with exit code 1\n even if an error has occurred.\n * Rationalise printing of http header in genhash.\n * Use http header Content-Length field in HTTP_CHECK/SSL_CHECK.\n If a Content-Length is supplied in the http header, use that as a\n limit to the data length (as wget does). If the length of data\n received does not match the Content-Length log a warning.\n * Optimise parameter passing to fprintf in genhash.\n * Don't declare mark variable if don't have MARK socket option.\n * Fix sync groups with only one member.\n Commit c88744a0 allowed sync groups with only 1 member again, but\n didn't stop removing the sync group if there was only 1 member.\n This commit now doesn't remove sync groups with only one member.\n * Make track scripts work with --enable-debug config option.\n * Add warning if --enable-debug configure option is used.\n * Allow more flexibility of layout of { and } in config files.\n keepalived was a bit fussy about where '{'s and '}'s (braces) could\n be placed in terms of after the keyword, or on a line on their own.\n It certainly was not possible to have multiple braces on one line.\n This commit now provides complete flexibility of where braces are, so\n long as they occur in the correct order.\n * Make alloc_value_block() report block type if there is an error.\n * Simplify alloc_value_block() by using libc string functions.\n * Add dumping of garp delay config when using -d option.\n * Fix fractions of seconds for garp group garp_interval.\n * Make read_value_block() use alloc_value_block().\n This removes quite a bit of duplication of functionality, and\n ensures the configuration parsing will be more consistent.\n * Fix build with Linux kernel headers v4.15.\n Linux kernel version 4.15 changed the libc/kernel headers suppression\n logic in a way that introduces collisions.\n * Add missing command line options to keepalived(8) man page.\n * Fix --dont-release-vrrp.\n On github, ushuz reported that commit 62e8455 - 'Don't delete vmac\n interfaces before dropping multicast membership' broke --dont-release-vrrp.\n This commit restores the correct functionality.\n * Define _GNU_SOURCE for all compilation units.\n Rather than defining _GNU_SOURCE when needed, let configure add\n it to the flags passed to the C compiler, so that it is defined\n for all compilation units. This ensures consistence.\n * Fix new warnings procuded by gcc 8.\n * Fix dumping empty lists.\n Add a check in dump_list() for an empty list, and don't attempt\n to dump it if it is empty.\n * Resolve conversion-check compiler warnings.\n * Add missing content to installing_keepalived.rst documentation.\n Issue #778 identified that there was text missing at the end of\n the document, and that is now added.\n * Fix systemd service to start after network-online.target.\n This fix was merged downstream by RedHat in response to\n RHBZ #1413320.\n * Update INSTALL file to describe packages needed for building\n documentation.\n * INSTALL: note linux distro package that provides 'sphinx_rtd_theme'\n * Clear /proc/sys/net/ipv6/conf/IF/disable_ipv6 when create VMACs.\n An issue was identified where keepalived was reporting permission\n denied when attempting to add an IPv6 address to a VMAC interface.\n It turned out that this was because\n /proc/sys/net/ipv6/conf/default/disable_ipv6\n was set to 1, causing IPv6 to be disables on all interfaces that\n keepalived created.\n This commit clears disable_ipv6 on any VMAC interfaces that\n keepalived creates if the vrrp instance is using IPv6.\n- remove linux-4.15.patch: does not apply anymore and not needed\n (the distros using 4.15 have moved on to keepalived 2.x)\n\n- Only Require insserv on distributions without systemd.\n- Fix systemd related requires/buildRequires\n- Do not run scriptlets that use insserv when using systemd\n\n- add linux-4.15.patch\n\nChanges in kibana:\n- Add 0001-Configurable-custom-response-headers-for-server.patch\n (bsc#1171909, CVE-2020-10743)\n\nChanges in memcached:\n- version update to 1.5.17\n * bugfixes\n fix strncpy call in stats conns to avoid ASAN violation (bsc#1149110, CVE-2019-15026)\n extstore: fix indentation\n add error handling when calling dup function\n add unlock when item_cachedump malloc failed\n extstore: emulate pread(v) for macOS\n fix off-by-one in logger to allow CAS commands to be logged.\n use strdup for explicitly configured slab sizes\n move mem_requested from slabs.c to items.c (internal cleanup)\n * new features\n add server address to the 'stats conns' output\n log client connection id with fetchers and mutations\n Add a handler for seccomp crashes\n- version update to 1.5.16\n * bugfixes\n When nsuffix is 0 space for flags hasn't been allocated so don't memcpy them.\n- version update to 1.5.15\n * bugfixes\n Speed up incr/decr by replacing snprintf.\n Use correct buffer size for internal URI encoding.\n change some links from http to https\n Fix small memory leak in testapp.c.\n free window_global in slab_automove_extstore.c\n remove inline_ascii_response option\n -Y [filename] for ascii authentication mode\n fix: idle-timeout wasn't compatible with binprot\n * features\n -Y [authfile] enables an authentication mode for ASCII protocol.\n- modified patches\n % memcached-autofoo.patch (refreshed)\n\n- version update to 1.5.14\n * update -h output for -I (max item size)\n * fix segfault in 'lru' command (bsc#1133817, CVE-2019-11596)\n * fix compile error on centos7\n * extstore: error adjusting page_size after ext_path\n * extstore: fix segfault if page_count is too high.\n * close delete + incr item survival race bug\n * memcached-tool dump fix loss of exp value\n * Fix 'qw' in 'MemcachedTest.pm' so wait_ext_flush is exported properly\n * Experimental TLS support.\n * Basic implementation of TLS for memcached.\n * Improve Get And Touch documentation\n * fix INCR/DECR refcount leak for invalid items\n- modified patches\n % memcached-autofoo.patch (refreshed)\n\n- Version bump to 1.5.11:\n * extstore: balance IO thread queues\n- Drop memcached-fix_test.patch that is present now upstream\n\n- Add patch to fix aarch64, ppc64* and s390x tests:\n * memcached-fix_test.patch\n\n- Fix linter errors regarding COPYING\n\n- update to 1.5.10:\n * disruptive change in extstore: -o ext_page_count= is deprecated\n and no longer works. To specify size: -o ext_path=/d/m/e:500G\n extstore figures out the page count based on your desired page\n size. M|G|T|P supported.\n * extstore: Add basic JBOD support: ext_path can be specified\n multiple times for striping onto simimar devices\n * fix alignment issues on some ARM platforms for chunked items\n\n- Update to 1.5.9:\n * Bugfix release.\n * Important note: if using --enable-seccomp, privilege dropping\n is no longer on by default. The feature is experimental and many\n users are reporting hard to diagnose problems on varied platforms.\n * Seccomp is now marked EXPERIMENTAL, and must be explicitly\n enabled by adding -o drop_privileges. Once we're more confident\n with the usability of the feature, it will be enabled in -o modern,\n like any other new change. You should only use it if you are\n willing to carefully test it, especially if you're a vendor or\n distribution.\n * Also important is a crash fix in extstore when using the ASCII\n protocol, large items, and running low on memory.\n\n- update to 1.5.8:\n * Bugfixes for seccomp and extstore\n * Extstore platform portability has been greatly improved for ARM\n and 32bit systems\n- includes changes from 1.5.7:\n * Fix alignment issues for 64bit ARM processors\n * Fix seccomp portability\n * Fix refcount leak with extstore while using binary touch commands\n\n- turn on the testsuite again, it seems to pass server side,\n too\n\n- Home directory shouldn't be world readable bsc#1077718\n- Mention that this stream isn't affected by bsc#1085209, \n CVE-2018-1000127 to make the checker bots happy.\n\n- update to 1.5.6 (bsc#1083903, CVE-2018-1000115):\n * This update disables UDP by default to reduce DDoS amplification\n attacks\n * see https://github.com/memcached/memcached/wiki/ReleaseNotes156\n * see https://github.com/memcached/memcached/wiki/ReleaseNotes155\n * see https://github.com/memcached/memcached/wiki/ReleaseNotes154\n * see https://github.com/memcached/memcached/wiki/ReleaseNotes153\n * see https://github.com/memcached/memcached/wiki/ReleaseNotes152\n * see https://github.com/memcached/memcached/wiki/ReleaseNotes151\n * see https://github.com/memcached/memcached/wiki/ReleaseNotes150\n\n- Replace references to /var/adm/fillup-templates with new \n %_fillupdir macro (boo#1069468)\n\nChanges in monasca-installer:\n- Add 0001-kibana:-set-x-frame-options-header.patch (bsc#1171909,\n CVE-2020-10743)\n\nChanges in openstack-dashboard-theme-SUSE:\n- Switch github URL from git@ to git:// to bypass authentication\n\nChanges in openstack-manila:\n- Add 0001-Fix-exportfs-u-usage-in-generic-driver.patch\n Backported from upstream patch https://review.opendev.org/#/c/411631/\n Related Bug (SOC-9801)\n\nChanges in openstack-neutron-fwaas:\n- Add 0050-Remove-tempest-shared-physical-network.patch (SOC-9801)\n This tempest configuration option is not present in tempest, as\n it was only added after the SOC7 release cut.\n\nChanges in openstack-nova:\n- Add 0001-live-mig-keep-disk-device-address-same.patch (bsc#1164316)\n - Fix for https://bugs.launchpad.net/nova/+bug/1715569\n\nChanges in openstack-tempest:\n\n- Add 0001-Use-available-scheduler-filters.patch\n Backported from upstream patch https://review.opendev.org/#/c/570207/\n Related Bugs: SOC-9801,SOC-11174\n\n- Add 0001-Remove-volume_feature_enabled.volume_services.patch\n Backported from upstream patch https://review.opendev.org/#/c/438220/\n Related Bug (SOC-9801)\n\n\nChanges in python-cffi:\n- Do not build python3 subpackages as C:OS:Newton does not support\n it\n\n- provide also python-cffi = 1.10.0 and 1.5.2 to avoid breaking the\n cloud 7 and 8 requirements (bsc#948198)\n\n- Update in SLE-12 (bsc#1138748, jsc#ECO-1256, jsc#PM-1598)\n\n- Add dont-corrupt-memory.patch to fix boo#1111657 (originally\n from https://bitbucket.org/cffi/cffi/commits/7a76a3815340)\n\n- build python3 subpackage (FATE#324435, FATE#323875)\n\n- Add patch cffi-loader.patch to fix bsc#1070737\n- Sort out with spec-cleaner\n\n- update to version 1.11.2:\n * Fix Windows issue with managing the thread-state on CPython 3.0 to\n 3.5\n\n- Update pytest in spec to add c directory tests in addition to \n testing directory.\n- Omit test_init_once_multithread tests as they rely on multiple\n threads finishing in a given time. Returns sporadic pass/fail\n within build.\n- Update to 1.11.1:\n * Fix tests, remove deprecated C API usage\n * Fix (hack) for 3.6.0/3.6.1/3.6.2 giving incompatible binary\n extensions (cpython issue #29943)\n * Fix for 3.7.0a1+\n\n- Update to 1.11.0:\n * Support the modern standard types char16_t and char32_t. These\n work like wchar_t: they represent one unicode character, or when\n used as charN_t * or charN_t[] they represent a unicode string.\n The difference with wchar_t is that they have a known, fixed\n size. They should work at all places that used to work with\n wchar_t (please report an issue if I missed something). Note\n that with set_source(), you need to make sure that these types\n are actually defined by the C source you provide (if used in\n cdef()).\n * Support the C99 types float _Complex and double _Complex. Note\n that libffi doesn’t support them, which means that in the ABI\n mode you still cannot call C functions that take complex\n numbers directly as arguments or return type.\n * Fixed a rare race condition when creating multiple FFI instances\n from multiple threads. (Note that you aren’t meant to create\n many FFI instances: in inline mode, you should write\n ffi = cffi.FFI() at module level just after import cffi; and in\n out-of-line mode you don’t instantiate FFI explicitly at all.)\n * Windows: using callbacks can be messy because the CFFI internal\n error messages show up to stderr—but stderr goes nowhere in many\n applications. This makes it particularly hard to get started\n with the embedding mode. (Once you get started, you can at least\n use @ffi.def_extern(onerror=...) and send the error logs where\n it makes sense for your application, or record them in log\n files, and so on.) So what is new in CFFI is that now, on\n Windows CFFI will try to open a non-modal MessageBox (in addition\n to sending raw messages to stderr). The MessageBox is only\n visible if the process stays alive: typically, console\n applications that crash close immediately, but that is also the\n situation where stderr should be visible anyway.\n * Progress on support for callbacks in NetBSD.\n * Functions returning booleans would in some case still return 0\n or 1 instead of False or True. Fixed.\n * ffi.gc() now takes an optional third parameter, which gives an\n estimate of the size (in bytes) of the object. So far, this is\n only used by PyPy, to make the next GC occur more quickly\n (issue #320). In the future, this might have an effect on\n CPython too (provided the CPython issue 31105 is addressed).\n * Add a note to the documentation: the ABI mode gives function\n objects that are slower to call than the API mode does. For\n some reason it is often thought to be faster. It is not!\n- Update to 1.10.1:\n * Fixed the line numbers reported in case of cdef() errors. Also,\n I just noticed, but pycparser always supported the preprocessor\n directive # 42 'foo.h' to mean “from the next line, we’re in\n file foo.h starting from line 42”, which it puts in the error\n messages. \n\n- update to 1.10.0:\n * Issue #295: use calloc() directly instead of PyObject_Malloc()+memset()\n to handle ffi.new() with a default allocator. Speeds up ffi.new(large-array)\n where most of the time you never touch most of the array.\n * Some OS/X build fixes (“only with Xcode but without CLT”).\n * Improve a couple of error messages: when getting mismatched versions of\n cffi and its backend; and when calling functions which cannot be called with\n libffi because an argument is a struct that is “too complicated” (and not\n a struct pointer, which always works).\n * Add support for some unusual compilers (non-msvc, non-gcc, non-icc, non-clang)\n * Implemented the remaining cases for ffi.from_buffer. Now all\n buffer/memoryview objects can be passed. The one remaining check is against\n passing unicode strings in Python 2. (They support the buffer interface, but\n that gives the raw bytes behind the UTF16/UCS4 storage, which is most of the\n times not what you expect. In Python 3 this has been fixed and the unicode\n strings don’t support the memoryview interface any more.)\n * The C type _Bool or bool now converts to a Python boolean when reading,\n instead of the content of the byte as an integer. The potential\n incompatibility here is what occurs if the byte contains a value different\n from 0 and 1. Previously, it would just return it; with this change, CFFI\n raises an exception in this case. But this case means “undefined behavior”\n in C; if you really have to interface with a library relying on this,\n don’t use bool in the CFFI side. Also, it is still valid to use a byte\n string as initializer for a bool[], but now it must only contain \\x00 or\n \\x01. As an aside, ffi.string() no longer works on bool[] (but it never made\n much sense, as this function stops at the first zero).\n * ffi.buffer is now the name of cffi’s buffer type, and ffi.buffer() works\n like before but is the constructor of that type.\n * ffi.addressof(lib, 'name') now works also in in-line mode, not only in\n out-of-line mode. This is useful for taking the address of global variables.\n * Issue #255: cdata objects of a primitive type (integers, floats, char) are\n now compared and ordered by value. For example, <cdata 'int' 42> compares\n equal to 42 and <cdata 'char' b'A'> compares equal to b'A'. Unlike C,\n <cdata 'int' -1> does not compare equal to ffi.cast('unsigned int', -1): it\n compares smaller, because -1 < 4294967295.\n * PyPy: ffi.new() and ffi.new_allocator()() did not record “memory pressure”,\n causing the GC to run too infrequently if you call ffi.new() very often\n and/or with large arrays. Fixed in PyPy 5.7.\n * Support in ffi.cdef() for numeric expressions with + or -. Assumes that\n there is no overflow; it should be fixed first before we add more general\n support for arbitrary arithmetic on constants.\n\n- do not generate HTML documentation for packages that are indirect\n dependencies of Sphinx\n (see docs at https://cffi.readthedocs.org/ )\n\n- update to 1.9.1\n - Structs with variable-sized arrays as their last field: now we track the\n length of the array after ffi.new() is called, just like we always tracked\n the length of ffi.new('int[]', 42). This lets us detect out-of-range\n accesses to array items. This also lets us display a better repr(), and\n have the total size returned by ffi.sizeof() and ffi.buffer(). Previously\n both functions would return a result based on the size of the declared\n structure type, with an assumed empty array. (Thanks andrew for starting\n this refactoring.)\n - Add support in cdef()/set_source() for unspecified-length arrays in\n typedefs: typedef int foo_t[...];. It was already supported for global\n variables or structure fields.\n - I turned in v1.8 a warning from cffi/model.py into an error: 'enum xxx' has\n no values explicitly defined: refusing to guess which integer type it is\n meant to be (unsigned/signed, int/long). Now I’m turning it back to a\n warning again; it seems that guessing that the enum has size int is a\n 99%-safe bet. (But not 100%, so it stays as a warning.)\n - Fix leaks in the code handling FILE * arguments. In CPython 3 there is a\n remaining issue that is hard to fix: if you pass a Python file object to a\n FILE * argument, then os.dup() is used and the new file descriptor is only\n closed when the GC reclaims the Python file object—and not at the earlier\n time when you call close(), which only closes the original file descriptor.\n If this is an issue, you should avoid this automatic convertion of Python\n file objects: instead, explicitly manipulate file descriptors and call\n fdopen() from C (...via cffi).\n - When passing a void * argument to a function with a different pointer type,\n or vice-versa, the cast occurs automatically, like in C. The same occurs\n for initialization with ffi.new() and a few other places. However, I\n thought that char * had the same property—but I was mistaken. In C you get\n the usual warning if you try to give a char * to a char ** argument, for\n example. Sorry about the confusion. This has been fixed in CFFI by giving\n for now a warning, too. It will turn into an error in a future version.\n - Issue #283: fixed ffi.new() on structures/unions with nested anonymous\n structures/unions, when there is at least one union in the mix. When\n initialized with a list or a dict, it should now behave more closely like\n the { } syntax does in GCC.\n - CPython 3.x: experimental: the generated C extension modules now use the\n “limited API”, which means that, as a compiled .so/.dll, it should work\n directly on any version of CPython >= 3.2. The name produced by distutils\n is still version-specific. To get the version-independent name, you can\n rename it manually to NAME.abi3.so, or use the very recent setuptools 26.\n - Added ffi.compile(debug=...), similar to python setup.py build --debug but\n defaulting to True if we are running a debugging version of Python itself.\n - Removed the restriction that ffi.from_buffer() cannot be used on byte\n strings. Now you can get a char * out of a byte string, which is valid as\n long as the string object is kept alive. (But don’t use it to modify the\n string object! If you need this, use bytearray or other official\n techniques.)\n - PyPy 5.4 can now pass a byte string directly to a char * argument (in older\n versions, a copy would be made). This used to be a CPython-only\n optimization.\n - ffi.gc(p, None) removes the destructor on an object previously created by\n another call to ffi.gc()\n - bool(ffi.cast('primitive type', x)) now returns False if the value is zero\n (including -0.0), and True otherwise. Previously this would only return\n False for cdata objects of a pointer type when the pointer is NULL.\n - bytearrays: ffi.from_buffer(bytearray-object) is now supported. (The reason\n it was not supported was that it was hard to do in PyPy, but it works since\n PyPy 5.3.) To call a C function with a char * argument from a buffer\n object—now including bytearrays—you write lib.foo(ffi.from_buffer(x)).\n Additionally, this is now supported: p[0:length] = bytearray-object. The\n problem with this was that a iterating over bytearrays gives numbers\n instead of characters. (Now it is implemented with just a memcpy, of\n course, not actually iterating over the characters.)\n - C++: compiling the generated C code with C++ was supposed to work, but\n failed if you make use the bool type (because that is rendered as the C\n _Bool type, which doesn’t exist in C++).\n - help(lib) and help(lib.myfunc) now give useful information, as well as\n dir(p) where p is a struct or pointer-to-struct.\n- drop upstreamed python-cffi-avoid-bitshifting-negative-int.patch\n\n- update for multipython build\n\n- Add python-cffi-avoid-bitshifting-negative-int.patch to actually\n fix the 'negative left shift' warning by replacing bitshifting\n in appropriate places by bitwise and comparison to self; patch\n taken from upstream git. Drop cffi-1.5.2-wnoerror.patch: no\n longer required.\n\n- disable 'negative left shift' warning in test suite to prevent\n failures with gcc6, until upstream fixes the undefined code\n in question (boo#981848, cffi-1.5.2-wnoerror.patch)\n\n- Update to version 1.6.0:\n * ffi.list_types()\n * ffi.unpack()\n * extern “Python+C”\n * in API mode, lib.foo.__doc__ contains the C signature now.\n * Yet another attempt at robustness of ffi.def_extern() against\n CPython’s interpreter shutdown logic.\n\nChanges in python-pylons-sphinx-themes:\n\n- moved LICENSE.txt to docs to match old structure\n\n- specfile:\n * update copyright year\n- update to version 1.0.11:\n * Fix the width of linenos table column when used in code-blocks.\n\n- Replace %fdupes -s with plain %fdupes; hardlinks are better.\n\n- Update to version 1.0.10 (2018-09-25)\n + Add Read the Docs to the recipients of ad revenue.\n- Update to version 1.0.9 (2018-09-23)\n + Remove hyphenation because it sometimes hyphenates\n inappropriately, such as in code.\n- Update to version 1.0.8 (2018-09-21)\n + Fix support for Ethical Ads.\n- Update to version 1.0.7 (2018-09-21)\n + Added support for Ethical Ads for Read The Docs.\n See https://github.com/Pylons/pylons-sphinx-themes/pull/12\n\n- Remove superfluous devel dependency for noarch package\n\n- Update to version 1.0.6\n * Update zest.releaser in order to release to PyPI.\n- Update to version 1.0.5\n * Clean up licensing\n https://github.com/Pylons/pylons-sphinx-themes/issues/8\n\n- Provide/obsolete old pylons_sphinx_theme\n\n- Update to version 1.0.4\n * Specify line spacing for list items for only within the\n .body class.\n version 1.0.3\n * Add line spacing for list items. Closes #4.\n version 1.0.2:\n * Remove HTTPS protocol to allow either HTTPS or HTTP.\n version 1.0.1:\n * Use HTTPS for protocol of stylesheets.\n version 1.0:\n * Use zest.releaser for releasing.\n * Improve documentation.\n- Converted to single-spec\n\n- version 0.3.1: initial build\n\nChanges in python-Django:\n- Fix merge artifact in CVE-2020-13596.patch\n\n- Add CVE-2019-19844.patch (bsc#1159447, CVE-2019-19844)\n * Fix Potential account hijack via password reset form\n\n- Security fixes (bsc#1172167, bsc#1172166, CVE-2020-13254, CVE-2020-13596)\n * Added patch CVE-2020-13254.patch\n * Added patch CVE-2020-13596.patch\n\n- Set _defaultlicensedir \n\n- Fix for SG#56542, bsc#1161349:\n * Fixed CVE-2019-3498-Fixed-content-spoof.patch\n\n- Fix for SG#56542, bsc#1161349:\n * Fixed CVE-2019-3498-Fixed-content-spoof.patch\n (There was a bug in this .patch file; some code had been\n accidentally included in the backport, and this stopped the 404\n page from loading. See commit message and bug report for more\n information)\n\nChanges in python-Pillow:\n- Remove decompression_bomb.gif and relevant test case to avoid\n ClamAV scan alerts during build\n\n- Add 0008-Corrected-negative-seeks.patch\n * From upstream, backported\n * Fixes part of CVE-2019-16865, bsc#1153191\n- Add 0009-Make-Image.crop-an-immediate-operation.patch\n * From upstream, backported\n * Fixes https://github.com/python-pillow/Pillow/issues/1077\n * Used by 0012-Added-decompression-bomb-checks.patch\n- Add 0010-Crop-decompression.patch\n * From upstream, backported\n * Fixes https://github.com/python-pillow/Pillow/issues/2402\n * Used by 0012-Added-decompression-bomb-checks.patch\n- Add 0011-Added-DecompressionBombError.patch\n * From upstream, backported\n * Adds DecompressionBombError class\n * Used by 0012-Added-decompression-bomb-checks.patch\n- Add 0012-Added-decompression-bomb-checks.patch\n * From upstream, backported\n * Fixes part of CVE-2019-16865, bsc#1153191\n- Add 0013-Raise-error-if-dimension-is-a-string.patch\n * From upstream, backported\n * Fixes part of CVE-2019-16865, bsc#1153191\n- Add 0014-Catch-buffer-overruns.patch\n * From upstream, backported\n * Fixes part of CVE-2019-16865, bsc#1153191\n- Add 0015-Catch-PCX-P-mode-buffer-overrun.patch\n * From upstream, backported\n * Fixes CVE-2020-5312, bsc#1160152\n- Add 0016-Ensure-previous-FLI-frame-is-loaded.patch\n * From upstream, backported\n * Fixes https://github.com/python-pillow/Pillow/issues/2649\n * Uncovers CVE-2020-5313, bsc#1160153\n- Add 0017-Catch-FLI-buffer-overrun.patch\n * From upstream, backported\n * Fixes CVE-2020-5313, bsc#1160153\n- Add 018-Invalid-number-of-bands-in-FPX-image.patch\n * From upstream, backported\n * Fixes CVE-2019-19911, bsc#1160192\n\nChanges in python-psql2mysql:\n- Update to version 0.5.0+git.1589351878.4ef877c:\n * Do not fail on instance_info length, it is expected to be LONGTEXT\n\n- Update to version 0.5.0+git.1582192453.98e9561:\n * Neutron drivers use own naming for alembic migrations, e.g. cisco_alembic_version, aci_alembic_version, etc depending on driver.\n\nChanges in python-psutil:\n- Add bsc1156525-CVE-2019-18874.patch (bsc#1156525, CVE-2019-18874)\n\nChanges in python-py:\n- update to version 1.5.2\n-----------------------------------------------------------------\n- update to version 1.4.33\n\nChanges in python-py:\n- update to version 1.5.2:\n * fix #169, #170: error importing py.log on Windows: no module named\n 'syslog'.\n- changes from version 1.5.1:\n * fix #167 - prevent pip from installing py in unsupported Python\n versions.\n- changes from version 1.5.0:\n * python 2.6 and 3.3 are no longer supported\n * deprecate py.std and remove all internal uses\n * fix #73 turn py.error into an actual module\n * path join to / no longer produces leading double slashes\n * fix #82 - remove unsupportable aliases\n * fix python37 compatibility of path.sysfind on windows by correctly\n replacing vars\n * turn iniconfig and apipkg into vendored packages and ease\n de-vendoring for distributions\n * fix #68 remove invalid py.test.ensuretemp references\n * fix #25 - deprecate path.listdir(sort=callable)\n * add TerminalWriter.chars_on_current_line read-only property that\n tracks how many characters have been written to the current line.\n- changes from version 1.4.34\n * fix issue119 / pytest issue708 where tmpdir may fail to make\n numbered directories when the filesystem is case-insensitive.\n\n- update to version 1.4.33:\n * avoid imports in calls to py.path.local().fnmatch(). Thanks\n Andreas Pelme for the PR.\n * fix issue106: Naive unicode encoding when calling fspath() in\n python2. Thanks Tiago Nobrega for the PR.\n * fix issue110: unittest.TestCase.assertWarns fails with py\n imported.\n- changes from version 1.4.32\n * fix issue70: aded ability to copy all stat info in\n py.path.local.copy.\n * make TerminalWriter.fullwidth a property. This results in the\n correct value when the terminal gets resized.\n * update supported html tags to include recent additions.\n Thanks Denis Afonso for the PR.\n * Remove internal code in ``Source.compile`` meant to support\n earlier Python 3 versions that produced the side effect\n of leaving ``None`` in ``sys.modules`` when called (see\n pytest-dev/pytest#2103). Thanks Bruno Oliveira for the PR.\n\nChanges in python-pysaml2:\n- Add 0001-Always-generate-a-random-IV-for-AES-operations.patch\n (CVE-2017-1000246, bsc#1068612)\n\n- Add 0001-Fix-XML-Signature-Wrapping-XSW-vulnerabilities.patch\n (CVE-2020-5390, bsc#1160851)\n\nChanges in python-waitress:\n- update to 1.4.3 to include fixes for:\n * CVE-2019-16785 / bsc#1161088\n * CVE-2019-16786 / bsc#1161089\n * CVE-2019-16789 / bsc#1160790\n * CVE-2019-16792 / bsc#1161670\n\n- moved LICENSE.txt to docs to match old structure \n\n- make sure UTF8 locale is used when runnning tests\n * Sometimes functional tests executed in python3 failed if stdout was not\n set to UTF-8. The error message was:\n ValueError: underlying buffer has been detached\n\n- %python3_only -> %python_alternative\n\n- update to 1.4.3\n * Waitress did not properly validate that the HTTP headers it received \n were properly formed, thereby potentially allowing a front-end server \n to treat a request different from Waitress. This could lead to HTTP \n request smuggling/splitting.\n- drop patch local-intersphinx-inventories.patch\n * it was commented out, anyway\n\n- update to 1.4.0:\n - Waitress used to slam the door shut on HTTP pipelined requests without\n setting the ``Connection: close`` header as appropriate in the response. This\n is of course not very friendly. Waitress now explicitly sets the header when\n responding with an internally generated error such as 400 Bad Request or 500\n Internal Server Error to notify the remote client that it will be closing the\n connection after the response is sent.\n - Waitress no longer allows any spaces to exist between the header field-name\n and the colon. While waitress did not strip the space and thereby was not\n vulnerable to any potential header field-name confusion, it should have sent\n back a 400 Bad Request. See https://github.com/Pylons/waitress/issues/273\n - CRLR handling Security fixes\n\n- update to 1.3.1\n * Waitress won’t accidentally throw away part of the path if it \n starts with a double slash\n\n- version update to 1.3.0\n Deprecations\n ~~~~~~~~~~~~\n - The ``send_bytes`` adjustment now defaults to ``1`` and is deprecated\n pending removal in a future release.\n and https://github.com/Pylons/waitress/pull/246\n Features\n ~~~~~~~~\n - Add a new ``outbuf_high_watermark`` adjustment which is used to apply\n backpressure on the ``app_iter`` to avoid letting it spin faster than data\n can be written to the socket. This stabilizes responses that iterate quickly\n with a lot of data.\n See https://github.com/Pylons/waitress/pull/242\n - Stop early and close the ``app_iter`` when attempting to write to a closed\n socket due to a client disconnect. This should notify a long-lived streaming\n response when a client hangs up.\n See https://github.com/Pylons/waitress/pull/238\n and https://github.com/Pylons/waitress/pull/240\n and https://github.com/Pylons/waitress/pull/241\n - Adjust the flush to output ``SO_SNDBUF`` bytes instead of whatever was\n set in the ``send_bytes`` adjustment. ``send_bytes`` now only controls how\n much waitress will buffer internally before flushing to the kernel, whereas\n previously it used to also throttle how much data was sent to the kernel.\n This change enables a streaming ``app_iter`` containing small chunks to\n still be flushed efficiently.\n See https://github.com/Pylons/waitress/pull/246\n Bugfixes\n ~~~~~~~~\n - Upon receiving a request that does not include HTTP/1.0 or HTTP/1.1 we will\n no longer set the version to the string value 'None'. See\n https://github.com/Pylons/waitress/pull/252 and\n https://github.com/Pylons/waitress/issues/110\n - When a client closes a socket unexpectedly there was potential for memory\n leaks in which data was written to the buffers after they were closed,\n causing them to reopen.\n See https://github.com/Pylons/waitress/pull/239\n - Fix the queue depth warnings to only show when all threads are busy.\n See https://github.com/Pylons/waitress/pull/243\n and https://github.com/Pylons/waitress/pull/247\n - Trigger the ``app_iter`` to close as part of shutdown. This will only be\n noticeable for users of the internal server api. In more typical operations\n the server will die before benefiting from these changes.\n See https://github.com/Pylons/waitress/pull/245\n - Fix a bug in which a streaming ``app_iter`` may never cleanup data that has\n already been sent. This would cause buffers in waitress to grow without\n bounds. These buffers now properly rotate and release their data.\n See https://github.com/Pylons/waitress/pull/242\n - Fix a bug in which non-seekable subclasses of ``io.IOBase`` would trigger\n an exception when passed to the ``wsgi.file_wrapper`` callback.\n See https://github.com/Pylons/waitress/pull/249\n\n- Trim marketing wording and other platform mentions.\n\n- Add fetch-intersphinx-inventories.sh to sources\n- Add local-intersphinx-inventories.patch for generating the docs\n correctly\n\n- update to version 1.2.1:\n too many changes to list here, see:\n https://github.com/Pylons/waitress/blob/master/CHANGES.txt\n or even:\n https://github.com/Pylons/waitress/commits/master\n\n- Remove superfluous devel dependency for noarch package\n\n- update to version 1.1.0:\n * Features\n + Waitress now has a __main__ and thus may be called with 'python\n -mwaitress'\n * Bugfixes\n + Waitress no longer allows lowercase HTTP verbs. This change was\n made to fall in line with most HTTP servers. See\n https://github.com/Pylons/waitress/pull/170\n + When receiving non-ascii bytes in the request URL, waitress will\n no longer abruptly close the connection, instead returning a 400\n Bad Request. See https://github.com/Pylons/waitress/pull/162 and\n https://github.com/Pylons/waitress/issues/64\n\n- Update to 1.0.2\n * Python 3.6 is now officially supported in Waitress\n * Add a work-around for libc issue on Linux not following the\n documented standards. If getnameinfo() fails because of DNS not\n being available it should return the IP address instead of the\n reverse DNS entry, however instead getnameinfo() raises. We\n catch this, and ask getnameinfo() for the same information\n again, explicitly asking for IP address instead of reverse\n DNS hostname.\n- Implement single-spec version.\n- Fix source URL.\n\n- update to 1.0.1:\n - IPv6 support on Windows was broken due to missing constants in the socket\n module. This has been resolved by setting the constants on Windows if they\n are missing. See https://github.com/Pylons/waitress/issues/138\n - A ValueError was raised on Windows when passing a string for the port, on\n Windows in Python 2 using service names instead of port numbers doesn't work\n with `getaddrinfo`. This has been resolved by attempting to convert the port\n number to an integer, if that fails a ValueError will be raised. See\n https://github.com/Pylons/waitress/issues/139\n - Removed `AI_ADDRCONFIG` from the call to `getaddrinfo`, this resolves an\n issue whereby `getaddrinfo` wouldn't return any addresses to `bind` to on\n hosts where there is no internet connection but localhost is requested to be\n bound to. See https://github.com/Pylons/waitress/issues/131 for more\n information.\n- disable tests. need network access.\n\nChanges in rabbitmq-server:\n- Apply patches to resolve CVE-2017-4967,CVE-2017-4965 (bsc#1037777)\n 0001-Escape-HTML-tags-in-policy-definition-fields.patch\n 0002-Don-t-echo-provided-encoding-value-back.patch\n 0003-Strip-off-pids-and-format-consumer-details-for-2-end.patch\n 0004-Format-Web-contexts.patch\n\nChanges in release-notes-suse-openstack-cloud:\n- Switch github URL from git@ to https:// to bypass authentication \n\nChanges in rubygem-activeresource:\n- Add bsc#1171560-CVE-2020-8151-encode-id-param.patch\n Prevent possible information disclosure issue that could allow\n an attacker to create specially crafted requests to access data\n in an unexpected way (bsc#1171560 CVE-2020-8151)) \n\nChanges in rubygem-crowbar-client:\n- Update to 3.9.2\n - Enable SES commands in Cloud8 (SOC-11122)\n\nChanges in rubygem-json-1_7:\n- Add CVE-2020-10663.patch (CVE-2020-10663, bsc#1167244)\n\nChanges in rubygem-puma:\n- Fix indentation in gem2rpm.yml \n\n- Add CVE-2020-11077.patch (bsc#1172175, CVE-2020-11077)\n- Add chunked-request-handling.patch (needed for CVE-2020-11076.patch)\n- Add CVE-2020-11076.patch (bsc#1172176, CVE-2020-11076)\n- Add all patches to gem2rpm.yml\n\n- Add CVE-2020-5247.patch (bsc#1165402)\n 'Fixes a problem where we were not splitting newlines in headers\n according to Rack spec'\n The patch is reduced compared to the upstream version, which was\n patching also the parts that are not implemented in our old Puma\n version. This applies to unit test as well.\n\nChanges in zookeeper:\n- Apply 0002-Apply-patch-to-resolve-CVE-2019-0201.patch\n This applies the patch for ZOOKEEPER-1392 to resolve CVE-2019-0201\n Should not allow to read ACL when not authorized to read node \n (bsc#1135773)\n\n- Various cleanups in spec file\n\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2020-2072,SUSE-OpenStack-Cloud-7-2020-2072", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-ru-2020_2072-1.json", }, { category: "self", summary: "URL for SUSE-RU-2020:2072-1", url: "https://www.suse.com/support/update/announcement//suse-ru-20202072-1/", }, { category: "self", summary: "E-Mail link for SUSE-RU-2020:2072-1", url: "https://lists.suse.com/pipermail/sle-updates/2020-July/015563.html", }, { category: "self", summary: "SUSE Bug 1037777", url: "https://bugzilla.suse.com/1037777", }, { category: "self", summary: "SUSE Bug 1068612", url: "https://bugzilla.suse.com/1068612", }, { category: "self", summary: "SUSE Bug 1069468", url: "https://bugzilla.suse.com/1069468", }, { category: "self", summary: "SUSE Bug 1070737", url: "https://bugzilla.suse.com/1070737", }, { category: "self", summary: "SUSE Bug 1077718", url: "https://bugzilla.suse.com/1077718", }, { category: "self", summary: "SUSE Bug 1083903", url: "https://bugzilla.suse.com/1083903", }, { category: "self", summary: "SUSE Bug 1111657", url: "https://bugzilla.suse.com/1111657", }, { category: "self", summary: "SUSE Bug 1126503", url: "https://bugzilla.suse.com/1126503", }, { category: "self", summary: "SUSE Bug 1133817", url: "https://bugzilla.suse.com/1133817", }, { category: "self", summary: "SUSE Bug 1135773", url: "https://bugzilla.suse.com/1135773", }, { category: "self", summary: "SUSE Bug 1138748", url: "https://bugzilla.suse.com/1138748", }, { category: "self", summary: "SUSE Bug 1148383", url: "https://bugzilla.suse.com/1148383", }, { category: "self", summary: "SUSE Bug 1149110", url: "https://bugzilla.suse.com/1149110", }, { category: "self", summary: "SUSE Bug 1149535", url: "https://bugzilla.suse.com/1149535", }, { category: "self", summary: "SUSE Bug 1153191", url: "https://bugzilla.suse.com/1153191", }, { category: "self", summary: "SUSE Bug 1156525", url: "https://bugzilla.suse.com/1156525", }, { category: "self", summary: "SUSE Bug 1159447", url: "https://bugzilla.suse.com/1159447", }, { category: "self", summary: "SUSE Bug 1160152", url: "https://bugzilla.suse.com/1160152", }, { category: "self", summary: "SUSE Bug 1160153", url: "https://bugzilla.suse.com/1160153", }, { category: "self", summary: "SUSE Bug 1160192", url: "https://bugzilla.suse.com/1160192", }, { category: "self", summary: "SUSE Bug 1160790", url: "https://bugzilla.suse.com/1160790", }, { category: "self", summary: "SUSE Bug 1160851", url: "https://bugzilla.suse.com/1160851", }, { category: "self", summary: "SUSE Bug 1161088", url: "https://bugzilla.suse.com/1161088", }, { category: "self", summary: "SUSE Bug 1161089", url: "https://bugzilla.suse.com/1161089", }, { category: "self", summary: "SUSE Bug 1161349", url: "https://bugzilla.suse.com/1161349", }, { category: "self", summary: "SUSE Bug 1161670", url: "https://bugzilla.suse.com/1161670", }, { category: "self", summary: "SUSE Bug 1164316", url: "https://bugzilla.suse.com/1164316", }, { category: "self", summary: "SUSE Bug 1165402", url: "https://bugzilla.suse.com/1165402", }, { category: "self", summary: "SUSE Bug 1167244", url: "https://bugzilla.suse.com/1167244", }, { category: "self", summary: "SUSE Bug 1170657", url: "https://bugzilla.suse.com/1170657", }, { category: "self", summary: "SUSE Bug 1171560", url: "https://bugzilla.suse.com/1171560", }, { category: "self", summary: "SUSE Bug 1171909", url: "https://bugzilla.suse.com/1171909", }, { category: "self", summary: "SUSE Bug 1172166", url: "https://bugzilla.suse.com/1172166", }, { category: "self", summary: "SUSE Bug 1172167", url: "https://bugzilla.suse.com/1172167", }, { category: "self", summary: "SUSE Bug 1172175", url: "https://bugzilla.suse.com/1172175", }, { category: "self", summary: "SUSE Bug 1172176", url: "https://bugzilla.suse.com/1172176", }, { category: "self", summary: "SUSE Bug 1172409", url: "https://bugzilla.suse.com/1172409", }, { category: "self", summary: "SUSE Bug 948198", url: "https://bugzilla.suse.com/948198", }, { category: "self", summary: "SUSE Bug 981848", url: "https://bugzilla.suse.com/981848", }, { category: "self", summary: "SUSE CVE CVE-2017-1000246 page", url: "https://www.suse.com/security/cve/CVE-2017-1000246/", }, { category: "self", summary: "SUSE CVE CVE-2017-4965 page", url: "https://www.suse.com/security/cve/CVE-2017-4965/", }, { category: "self", summary: "SUSE CVE CVE-2017-4967 page", url: "https://www.suse.com/security/cve/CVE-2017-4967/", }, { category: "self", summary: "SUSE CVE CVE-2018-1000115 page", url: "https://www.suse.com/security/cve/CVE-2018-1000115/", }, { category: "self", summary: "SUSE CVE CVE-2019-0201 page", url: "https://www.suse.com/security/cve/CVE-2019-0201/", }, { category: "self", summary: "SUSE CVE CVE-2019-11596 page", url: "https://www.suse.com/security/cve/CVE-2019-11596/", }, { category: "self", summary: "SUSE CVE CVE-2019-15026 page", url: "https://www.suse.com/security/cve/CVE-2019-15026/", }, { category: "self", summary: "SUSE CVE CVE-2019-15043 page", url: "https://www.suse.com/security/cve/CVE-2019-15043/", }, { category: "self", summary: "SUSE CVE CVE-2019-16785 page", url: "https://www.suse.com/security/cve/CVE-2019-16785/", }, { category: "self", summary: "SUSE CVE CVE-2019-16786 page", url: "https://www.suse.com/security/cve/CVE-2019-16786/", }, { category: "self", summary: "SUSE CVE CVE-2019-16789 page", url: "https://www.suse.com/security/cve/CVE-2019-16789/", }, { category: "self", summary: "SUSE CVE CVE-2019-16792 page", url: "https://www.suse.com/security/cve/CVE-2019-16792/", }, { category: "self", summary: "SUSE CVE CVE-2019-16865 page", url: "https://www.suse.com/security/cve/CVE-2019-16865/", }, { category: "self", summary: "SUSE CVE CVE-2019-18874 page", url: "https://www.suse.com/security/cve/CVE-2019-18874/", }, { category: "self", summary: "SUSE CVE CVE-2019-19844 page", url: "https://www.suse.com/security/cve/CVE-2019-19844/", }, { category: "self", summary: "SUSE CVE CVE-2019-19911 page", url: "https://www.suse.com/security/cve/CVE-2019-19911/", }, { category: "self", summary: "SUSE CVE CVE-2019-3498 page", url: "https://www.suse.com/security/cve/CVE-2019-3498/", }, { category: "self", summary: "SUSE CVE CVE-2019-3828 page", url: "https://www.suse.com/security/cve/CVE-2019-3828/", }, { category: "self", summary: "SUSE CVE CVE-2020-10663 page", url: "https://www.suse.com/security/cve/CVE-2020-10663/", }, { category: "self", summary: "SUSE CVE CVE-2020-10743 page", url: "https://www.suse.com/security/cve/CVE-2020-10743/", }, { category: "self", summary: "SUSE CVE CVE-2020-11076 page", url: "https://www.suse.com/security/cve/CVE-2020-11076/", }, { category: "self", summary: "SUSE CVE CVE-2020-11077 page", url: "https://www.suse.com/security/cve/CVE-2020-11077/", }, { category: "self", summary: "SUSE CVE CVE-2020-12052 page", url: "https://www.suse.com/security/cve/CVE-2020-12052/", }, { category: "self", summary: "SUSE CVE CVE-2020-13254 page", url: "https://www.suse.com/security/cve/CVE-2020-13254/", }, { category: "self", summary: "SUSE CVE CVE-2020-13379 page", url: "https://www.suse.com/security/cve/CVE-2020-13379/", }, { category: "self", summary: "SUSE CVE CVE-2020-13596 page", url: "https://www.suse.com/security/cve/CVE-2020-13596/", }, { category: "self", summary: "SUSE CVE CVE-2020-5247 page", url: "https://www.suse.com/security/cve/CVE-2020-5247/", }, { category: "self", summary: "SUSE CVE CVE-2020-5312 page", url: "https://www.suse.com/security/cve/CVE-2020-5312/", }, { category: "self", summary: "SUSE CVE CVE-2020-5313 page", url: "https://www.suse.com/security/cve/CVE-2020-5313/", }, { category: "self", summary: "SUSE CVE CVE-2020-5390 page", url: "https://www.suse.com/security/cve/CVE-2020-5390/", }, { category: "self", summary: "SUSE CVE CVE-2020-8151 page", url: "https://www.suse.com/security/cve/CVE-2020-8151/", }, ], title: "Security update for ansible, crowbar-core, crowbar-ha, crowbar-openstack, etcd, flannel, grafana, keepalived, kibana, memcached, monasca-installer, openstack-dashboard-theme-SUSE, openstack-manila, openstack-neutron-fwaas, openstack-nova, openstack-tempest, python-Django, python-Pillow, python-psql2mysql, python-psutil, python-py, python-pysaml2, python-waitress, rabbitmq-server, release-notes-suse-openstack-cloud, zookeeper", tracking: { current_release_date: "2020-07-29T14:31:35Z", generator: { date: "2020-07-29T14:31:35Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-RU-2020:2072-1", initial_release_date: "2020-07-29T14:31:35Z", revision_history: [ { date: "2020-07-29T14:31:35Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.aarch64", product: { name: "crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.aarch64", product_id: "crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.aarch64", }, }, { category: "product_version", name: "crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.aarch64", product: { name: "crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.aarch64", product_id: "crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.aarch64", }, }, { category: "product_version", name: "crowbar-core-devel-4.0+git.1580209654.1d112d31f-9.66.5.aarch64", product: { name: "crowbar-core-devel-4.0+git.1580209654.1d112d31f-9.66.5.aarch64", product_id: "crowbar-core-devel-4.0+git.1580209654.1d112d31f-9.66.5.aarch64", }, }, { category: "product_version", name: "erlang-rabbitmq-client-3.4.4-3.16.1.aarch64", product: { name: "erlang-rabbitmq-client-3.4.4-3.16.1.aarch64", product_id: "erlang-rabbitmq-client-3.4.4-3.16.1.aarch64", }, }, { category: "product_version", name: "grafana-4.6.5-1.14.1.aarch64", product: { name: "grafana-4.6.5-1.14.1.aarch64", product_id: "grafana-4.6.5-1.14.1.aarch64", }, }, { category: "product_version", name: "keepalived-2.0.19-1.8.1.aarch64", product: { name: "keepalived-2.0.19-1.8.1.aarch64", product_id: "keepalived-2.0.19-1.8.1.aarch64", }, }, { category: "product_version", name: "kibana-4.6.3-5.1.aarch64", product: { name: "kibana-4.6.3-5.1.aarch64", product_id: "kibana-4.6.3-5.1.aarch64", }, }, { category: "product_version", name: "libzookeeper2-3.4.10-6.1.aarch64", product: { name: "libzookeeper2-3.4.10-6.1.aarch64", product_id: "libzookeeper2-3.4.10-6.1.aarch64", }, }, { category: "product_version", name: "libzookeeper2-devel-3.4.10-6.1.aarch64", product: { name: "libzookeeper2-devel-3.4.10-6.1.aarch64", product_id: "libzookeeper2-devel-3.4.10-6.1.aarch64", }, }, { category: "product_version", name: "memcached-1.5.17-3.6.1.aarch64", product: { name: "memcached-1.5.17-3.6.1.aarch64", product_id: "memcached-1.5.17-3.6.1.aarch64", }, }, { category: "product_version", name: "memcached-devel-1.5.17-3.6.1.aarch64", product: { name: "memcached-devel-1.5.17-3.6.1.aarch64", product_id: "memcached-devel-1.5.17-3.6.1.aarch64", }, }, { category: "product_version", name: "python-Pillow-2.8.1-4.12.1.aarch64", product: { name: "python-Pillow-2.8.1-4.12.1.aarch64", product_id: "python-Pillow-2.8.1-4.12.1.aarch64", }, }, { category: "product_version", name: "python-Pillow-tk-2.8.1-4.12.1.aarch64", product: { name: "python-Pillow-tk-2.8.1-4.12.1.aarch64", product_id: "python-Pillow-tk-2.8.1-4.12.1.aarch64", }, }, { category: "product_version", name: "python-psutil-1.2.1-21.1.aarch64", product: { name: "python-psutil-1.2.1-21.1.aarch64", product_id: "python-psutil-1.2.1-21.1.aarch64", }, }, { category: "product_version", name: "python3-psutil-1.2.1-21.1.aarch64", product: { name: "python3-psutil-1.2.1-21.1.aarch64", product_id: "python3-psutil-1.2.1-21.1.aarch64", }, }, { category: "product_version", name: "rabbitmq-server-3.4.4-3.16.1.aarch64", product: { name: "rabbitmq-server-3.4.4-3.16.1.aarch64", product_id: "rabbitmq-server-3.4.4-3.16.1.aarch64", }, }, { category: "product_version", name: "rabbitmq-server-plugins-3.4.4-3.16.1.aarch64", product: { name: "rabbitmq-server-plugins-3.4.4-3.16.1.aarch64", product_id: "rabbitmq-server-plugins-3.4.4-3.16.1.aarch64", }, }, { category: "product_version", name: "ruby2.1-rubygem-activeresource-4.0.0-3.3.1.aarch64", product: { name: "ruby2.1-rubygem-activeresource-4.0.0-3.3.1.aarch64", product_id: "ruby2.1-rubygem-activeresource-4.0.0-3.3.1.aarch64", }, }, { category: "product_version", name: "ruby2.1-rubygem-activeresource-doc-4.0.0-3.3.1.aarch64", product: { name: "ruby2.1-rubygem-activeresource-doc-4.0.0-3.3.1.aarch64", product_id: "ruby2.1-rubygem-activeresource-doc-4.0.0-3.3.1.aarch64", }, }, { category: "product_version", name: "ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.aarch64", product: { name: "ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.aarch64", product_id: "ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.aarch64", }, }, { category: "product_version", name: "ruby2.1-rubygem-crowbar-client-doc-3.9.2-7.20.1.aarch64", product: { name: "ruby2.1-rubygem-crowbar-client-doc-3.9.2-7.20.1.aarch64", product_id: "ruby2.1-rubygem-crowbar-client-doc-3.9.2-7.20.1.aarch64", }, }, { category: "product_version", name: "ruby2.1-rubygem-crowbar-client-testsuite-3.9.2-7.20.1.aarch64", product: { name: "ruby2.1-rubygem-crowbar-client-testsuite-3.9.2-7.20.1.aarch64", product_id: "ruby2.1-rubygem-crowbar-client-testsuite-3.9.2-7.20.1.aarch64", }, }, { category: "product_version", name: "ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.aarch64", product: { name: "ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.aarch64", product_id: "ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.aarch64", }, }, { category: "product_version", name: "ruby2.1-rubygem-puma-2.16.0-4.6.1.aarch64", product: { name: "ruby2.1-rubygem-puma-2.16.0-4.6.1.aarch64", product_id: "ruby2.1-rubygem-puma-2.16.0-4.6.1.aarch64", }, }, { category: "product_version", name: "ruby2.1-rubygem-puma-doc-2.16.0-4.6.1.aarch64", product: { name: "ruby2.1-rubygem-puma-doc-2.16.0-4.6.1.aarch64", product_id: "ruby2.1-rubygem-puma-doc-2.16.0-4.6.1.aarch64", }, }, { category: "product_version", name: "zookeeper-client-3.4.10-6.1.aarch64", product: { name: "zookeeper-client-3.4.10-6.1.aarch64", product_id: "zookeeper-client-3.4.10-6.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "ansible-2.2.3.0-12.2.noarch", product: { name: "ansible-2.2.3.0-12.2.noarch", product_id: "ansible-2.2.3.0-12.2.noarch", }, }, { category: "product_version", name: "crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", product: { name: "crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", product_id: "crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", }, }, { category: "product_version", name: "crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", product: { name: "crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", product_id: "crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", }, }, { category: "product_version", name: "monasca-installer-20180608_12.47-12.1.noarch", product: { name: "monasca-installer-20180608_12.47-12.1.noarch", product_id: "monasca-installer-20180608_12.47-12.1.noarch", }, }, { category: "product_version", name: "openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", product: { name: "openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", product_id: "openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", }, }, { category: "product_version", name: "openstack-manila-3.0.1~dev30-4.12.2.noarch", product: { name: "openstack-manila-3.0.1~dev30-4.12.2.noarch", product_id: "openstack-manila-3.0.1~dev30-4.12.2.noarch", }, }, { category: "product_version", name: "openstack-manila-api-3.0.1~dev30-4.12.2.noarch", product: { name: "openstack-manila-api-3.0.1~dev30-4.12.2.noarch", product_id: "openstack-manila-api-3.0.1~dev30-4.12.2.noarch", }, }, { category: "product_version", name: "openstack-manila-data-3.0.1~dev30-4.12.2.noarch", product: { name: "openstack-manila-data-3.0.1~dev30-4.12.2.noarch", product_id: "openstack-manila-data-3.0.1~dev30-4.12.2.noarch", }, }, { category: "product_version", name: "openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", product: { name: "openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", product_id: "openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", }, }, { category: "product_version", name: "openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", product: { name: "openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", product_id: "openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", }, }, { category: "product_version", name: "openstack-manila-share-3.0.1~dev30-4.12.2.noarch", product: { name: "openstack-manila-share-3.0.1~dev30-4.12.2.noarch", product_id: "openstack-manila-share-3.0.1~dev30-4.12.2.noarch", }, }, { category: "product_version", name: "openstack-manila-test-3.0.1~dev30-4.12.2.noarch", product: { name: "openstack-manila-test-3.0.1~dev30-4.12.2.noarch", product_id: "openstack-manila-test-3.0.1~dev30-4.12.2.noarch", }, }, { category: "product_version", name: "openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", product: { name: "openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", product_id: "openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", }, }, { category: "product_version", name: "openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", product: { name: "openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", product_id: "openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", }, }, { category: "product_version", name: "openstack-neutron-fwaas-test-9.0.2~dev5-4.9.3.noarch", product: { name: "openstack-neutron-fwaas-test-9.0.2~dev5-4.9.3.noarch", product_id: "openstack-neutron-fwaas-test-9.0.2~dev5-4.9.3.noarch", }, }, { category: "product_version", name: "openstack-nova-14.0.11~dev13-4.40.2.noarch", product: { name: "openstack-nova-14.0.11~dev13-4.40.2.noarch", product_id: "openstack-nova-14.0.11~dev13-4.40.2.noarch", }, }, { category: "product_version", name: "openstack-nova-api-14.0.11~dev13-4.40.2.noarch", product: { name: "openstack-nova-api-14.0.11~dev13-4.40.2.noarch", product_id: "openstack-nova-api-14.0.11~dev13-4.40.2.noarch", }, }, { category: "product_version", name: "openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", product: { name: "openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", product_id: "openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", }, }, { category: "product_version", name: "openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", product: { name: "openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", product_id: "openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", }, }, { category: "product_version", name: "openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", product: { name: "openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", product_id: "openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", }, }, { category: "product_version", name: "openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", product: { name: "openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", product_id: "openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", }, }, { category: "product_version", name: "openstack-nova-console-14.0.11~dev13-4.40.2.noarch", product: { name: "openstack-nova-console-14.0.11~dev13-4.40.2.noarch", product_id: "openstack-nova-console-14.0.11~dev13-4.40.2.noarch", }, }, { category: "product_version", name: "openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", product: { name: "openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", product_id: "openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", }, }, { category: "product_version", name: "openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", product: { name: "openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", product_id: "openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", }, }, { category: "product_version", name: "openstack-nova-network-14.0.11~dev13-4.40.2.noarch", product: { name: "openstack-nova-network-14.0.11~dev13-4.40.2.noarch", product_id: "openstack-nova-network-14.0.11~dev13-4.40.2.noarch", }, }, { category: "product_version", name: "openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", product: { name: "openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", product_id: "openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", }, }, { category: "product_version", name: "openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", product: { name: "openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", product_id: "openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", }, }, { category: "product_version", name: "openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", product: { name: "openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", product_id: "openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", }, }, { category: "product_version", name: "openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", product: { name: "openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", product_id: "openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", }, }, { category: "product_version", name: "openstack-nova-test-14.0.11~dev13-4.40.2.noarch", product: { name: "openstack-nova-test-14.0.11~dev13-4.40.2.noarch", product_id: "openstack-nova-test-14.0.11~dev13-4.40.2.noarch", }, }, { category: "product_version", name: "openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", product: { name: "openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", product_id: "openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", }, }, { category: "product_version", name: "openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", product: { name: "openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", product_id: "openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", }, }, { category: "product_version", name: "openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", product: { name: "openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", product_id: "openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", }, }, { category: "product_version", name: "openstack-xen-plugins-14.0.11~dev13-4.40.2.noarch", product: { name: "openstack-xen-plugins-14.0.11~dev13-4.40.2.noarch", product_id: "openstack-xen-plugins-14.0.11~dev13-4.40.2.noarch", }, }, { category: "product_version", name: "python-Django-1.8.19-3.23.1.noarch", product: { name: "python-Django-1.8.19-3.23.1.noarch", product_id: "python-Django-1.8.19-3.23.1.noarch", }, }, { category: "product_version", name: "python-manila-3.0.1~dev30-4.12.2.noarch", product: { name: "python-manila-3.0.1~dev30-4.12.2.noarch", product_id: "python-manila-3.0.1~dev30-4.12.2.noarch", }, }, { category: "product_version", name: "python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", product: { name: "python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", product_id: "python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", }, }, { category: "product_version", name: "python-nova-14.0.11~dev13-4.40.2.noarch", product: { name: "python-nova-14.0.11~dev13-4.40.2.noarch", product_id: "python-nova-14.0.11~dev13-4.40.2.noarch", }, }, { category: "product_version", name: "python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", product: { name: "python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", product_id: "python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", }, }, { category: "product_version", name: "python-py-1.8.1-11.12.1.noarch", product: { name: "python-py-1.8.1-11.12.1.noarch", product_id: "python-py-1.8.1-11.12.1.noarch", }, }, { category: "product_version", name: "python-pylons-sphinx-themes-1.0.11-1.3.1.noarch", product: { name: "python-pylons-sphinx-themes-1.0.11-1.3.1.noarch", product_id: "python-pylons-sphinx-themes-1.0.11-1.3.1.noarch", }, }, { category: "product_version", name: "python-pysaml2-4.0.2-3.17.1.noarch", product: { name: "python-pysaml2-4.0.2-3.17.1.noarch", product_id: "python-pysaml2-4.0.2-3.17.1.noarch", }, }, { category: "product_version", name: "python-tempest-12.2.1~a0~dev177-4.9.1.noarch", product: { name: "python-tempest-12.2.1~a0~dev177-4.9.1.noarch", product_id: "python-tempest-12.2.1~a0~dev177-4.9.1.noarch", }, }, { category: "product_version", name: "python-waitress-1.4.3-3.3.1.noarch", product: { name: "python-waitress-1.4.3-3.3.1.noarch", product_id: "python-waitress-1.4.3-3.3.1.noarch", }, }, { category: "product_version", name: "python-waitress-doc-1.4.3-3.3.1.noarch", product: { name: "python-waitress-doc-1.4.3-3.3.1.noarch", product_id: "python-waitress-doc-1.4.3-3.3.1.noarch", }, }, { category: "product_version", name: "python3-py-1.8.1-11.12.1.noarch", product: { name: "python3-py-1.8.1-11.12.1.noarch", product_id: "python3-py-1.8.1-11.12.1.noarch", }, }, { category: "product_version", name: "python3-waitress-1.4.3-3.3.1.noarch", product: { name: "python3-waitress-1.4.3-3.3.1.noarch", product_id: "python3-waitress-1.4.3-3.3.1.noarch", }, }, { category: "product_version", name: "python3-waitress-doc-1.4.3-3.3.1.noarch", product: { name: "python3-waitress-doc-1.4.3-3.3.1.noarch", product_id: "python3-waitress-doc-1.4.3-3.3.1.noarch", }, }, { category: "product_version", name: "release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", product: { name: "release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", product_id: "release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", }, }, { category: "product_version", name: "zookeeper-server-3.4.10-6.1.noarch", product: { name: "zookeeper-server-3.4.10-6.1.noarch", product_id: "zookeeper-server-3.4.10-6.1.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.ppc64le", product: { name: "crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.ppc64le", product_id: "crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.ppc64le", }, }, { category: "product_version", name: "crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.ppc64le", product: { name: "crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.ppc64le", product_id: "crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.ppc64le", }, }, { category: "product_version", name: "crowbar-core-devel-4.0+git.1580209654.1d112d31f-9.66.5.ppc64le", product: { name: "crowbar-core-devel-4.0+git.1580209654.1d112d31f-9.66.5.ppc64le", product_id: "crowbar-core-devel-4.0+git.1580209654.1d112d31f-9.66.5.ppc64le", }, }, { category: "product_version", name: "erlang-rabbitmq-client-3.4.4-3.16.1.ppc64le", product: { name: "erlang-rabbitmq-client-3.4.4-3.16.1.ppc64le", product_id: "erlang-rabbitmq-client-3.4.4-3.16.1.ppc64le", }, }, { category: "product_version", name: "grafana-4.6.5-1.14.1.ppc64le", product: { name: "grafana-4.6.5-1.14.1.ppc64le", product_id: "grafana-4.6.5-1.14.1.ppc64le", }, }, { category: "product_version", name: "keepalived-2.0.19-1.8.1.ppc64le", product: { name: "keepalived-2.0.19-1.8.1.ppc64le", product_id: "keepalived-2.0.19-1.8.1.ppc64le", }, }, { category: "product_version", name: "kibana-4.6.3-5.1.ppc64le", product: { name: "kibana-4.6.3-5.1.ppc64le", product_id: "kibana-4.6.3-5.1.ppc64le", }, }, { category: "product_version", name: "libzookeeper2-3.4.10-6.1.ppc64le", product: { name: "libzookeeper2-3.4.10-6.1.ppc64le", product_id: "libzookeeper2-3.4.10-6.1.ppc64le", }, }, { category: "product_version", name: "libzookeeper2-devel-3.4.10-6.1.ppc64le", product: { name: "libzookeeper2-devel-3.4.10-6.1.ppc64le", product_id: "libzookeeper2-devel-3.4.10-6.1.ppc64le", }, }, { category: "product_version", name: "memcached-1.5.17-3.6.1.ppc64le", product: { name: "memcached-1.5.17-3.6.1.ppc64le", product_id: "memcached-1.5.17-3.6.1.ppc64le", }, }, { category: "product_version", name: "memcached-devel-1.5.17-3.6.1.ppc64le", product: { name: "memcached-devel-1.5.17-3.6.1.ppc64le", product_id: "memcached-devel-1.5.17-3.6.1.ppc64le", }, }, { category: "product_version", name: "python-Pillow-2.8.1-4.12.1.ppc64le", product: { name: "python-Pillow-2.8.1-4.12.1.ppc64le", product_id: "python-Pillow-2.8.1-4.12.1.ppc64le", }, }, { category: "product_version", name: "python-Pillow-tk-2.8.1-4.12.1.ppc64le", product: { name: "python-Pillow-tk-2.8.1-4.12.1.ppc64le", product_id: "python-Pillow-tk-2.8.1-4.12.1.ppc64le", }, }, { category: "product_version", name: "python-psutil-1.2.1-21.1.ppc64le", product: { name: "python-psutil-1.2.1-21.1.ppc64le", product_id: "python-psutil-1.2.1-21.1.ppc64le", }, }, { category: "product_version", name: "python3-psutil-1.2.1-21.1.ppc64le", product: { name: "python3-psutil-1.2.1-21.1.ppc64le", product_id: "python3-psutil-1.2.1-21.1.ppc64le", }, }, { category: "product_version", name: "rabbitmq-server-3.4.4-3.16.1.ppc64le", product: { name: "rabbitmq-server-3.4.4-3.16.1.ppc64le", product_id: "rabbitmq-server-3.4.4-3.16.1.ppc64le", }, }, { category: "product_version", name: "rabbitmq-server-plugins-3.4.4-3.16.1.ppc64le", product: { name: "rabbitmq-server-plugins-3.4.4-3.16.1.ppc64le", product_id: "rabbitmq-server-plugins-3.4.4-3.16.1.ppc64le", }, }, { category: "product_version", name: "ruby2.1-rubygem-activeresource-4.0.0-3.3.1.ppc64le", product: { name: "ruby2.1-rubygem-activeresource-4.0.0-3.3.1.ppc64le", product_id: "ruby2.1-rubygem-activeresource-4.0.0-3.3.1.ppc64le", }, }, { category: "product_version", name: "ruby2.1-rubygem-activeresource-doc-4.0.0-3.3.1.ppc64le", product: { name: "ruby2.1-rubygem-activeresource-doc-4.0.0-3.3.1.ppc64le", product_id: "ruby2.1-rubygem-activeresource-doc-4.0.0-3.3.1.ppc64le", }, }, { category: "product_version", name: "ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.ppc64le", product: { name: "ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.ppc64le", product_id: "ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.ppc64le", }, }, { category: "product_version", name: "ruby2.1-rubygem-crowbar-client-doc-3.9.2-7.20.1.ppc64le", product: { name: "ruby2.1-rubygem-crowbar-client-doc-3.9.2-7.20.1.ppc64le", product_id: "ruby2.1-rubygem-crowbar-client-doc-3.9.2-7.20.1.ppc64le", }, }, { category: "product_version", name: "ruby2.1-rubygem-crowbar-client-testsuite-3.9.2-7.20.1.ppc64le", product: { name: "ruby2.1-rubygem-crowbar-client-testsuite-3.9.2-7.20.1.ppc64le", product_id: "ruby2.1-rubygem-crowbar-client-testsuite-3.9.2-7.20.1.ppc64le", }, }, { category: "product_version", name: "ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.ppc64le", product: { name: "ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.ppc64le", product_id: "ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.ppc64le", }, }, { category: "product_version", name: "ruby2.1-rubygem-puma-2.16.0-4.6.1.ppc64le", product: { name: "ruby2.1-rubygem-puma-2.16.0-4.6.1.ppc64le", product_id: "ruby2.1-rubygem-puma-2.16.0-4.6.1.ppc64le", }, }, { category: "product_version", name: "ruby2.1-rubygem-puma-doc-2.16.0-4.6.1.ppc64le", product: { name: "ruby2.1-rubygem-puma-doc-2.16.0-4.6.1.ppc64le", product_id: "ruby2.1-rubygem-puma-doc-2.16.0-4.6.1.ppc64le", }, }, { category: "product_version", name: "zookeeper-client-3.4.10-6.1.ppc64le", product: { name: "zookeeper-client-3.4.10-6.1.ppc64le", product_id: "zookeeper-client-3.4.10-6.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", product: { name: "crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", product_id: "crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", }, }, { category: "product_version", name: "crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", product: { name: "crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", product_id: "crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", }, }, { category: "product_version", name: "crowbar-core-devel-4.0+git.1580209654.1d112d31f-9.66.5.s390x", product: { name: "crowbar-core-devel-4.0+git.1580209654.1d112d31f-9.66.5.s390x", product_id: "crowbar-core-devel-4.0+git.1580209654.1d112d31f-9.66.5.s390x", }, }, { category: "product_version", name: "erlang-rabbitmq-client-3.4.4-3.16.1.s390x", product: { name: "erlang-rabbitmq-client-3.4.4-3.16.1.s390x", product_id: "erlang-rabbitmq-client-3.4.4-3.16.1.s390x", }, }, { category: "product_version", name: "grafana-4.6.5-1.14.1.s390x", product: { name: "grafana-4.6.5-1.14.1.s390x", product_id: "grafana-4.6.5-1.14.1.s390x", }, }, { category: "product_version", name: "keepalived-2.0.19-1.8.1.s390x", product: { name: "keepalived-2.0.19-1.8.1.s390x", product_id: "keepalived-2.0.19-1.8.1.s390x", }, }, { category: "product_version", name: "kibana-4.6.3-5.1.s390x", product: { name: "kibana-4.6.3-5.1.s390x", product_id: "kibana-4.6.3-5.1.s390x", }, }, { category: "product_version", name: "libzookeeper2-3.4.10-6.1.s390x", product: { name: "libzookeeper2-3.4.10-6.1.s390x", product_id: "libzookeeper2-3.4.10-6.1.s390x", }, }, { category: "product_version", name: "libzookeeper2-devel-3.4.10-6.1.s390x", product: { name: "libzookeeper2-devel-3.4.10-6.1.s390x", product_id: "libzookeeper2-devel-3.4.10-6.1.s390x", }, }, { category: "product_version", name: "memcached-1.5.17-3.6.1.s390x", product: { name: "memcached-1.5.17-3.6.1.s390x", product_id: "memcached-1.5.17-3.6.1.s390x", }, }, { category: "product_version", name: "memcached-devel-1.5.17-3.6.1.s390x", product: { name: "memcached-devel-1.5.17-3.6.1.s390x", product_id: "memcached-devel-1.5.17-3.6.1.s390x", }, }, { category: "product_version", name: "python-Pillow-2.8.1-4.12.1.s390x", product: { name: "python-Pillow-2.8.1-4.12.1.s390x", product_id: "python-Pillow-2.8.1-4.12.1.s390x", }, }, { category: "product_version", name: "python-Pillow-tk-2.8.1-4.12.1.s390x", product: { name: "python-Pillow-tk-2.8.1-4.12.1.s390x", product_id: "python-Pillow-tk-2.8.1-4.12.1.s390x", }, }, { category: "product_version", name: "python-cffi-1.11.2-3.3.2.s390x", product: { name: "python-cffi-1.11.2-3.3.2.s390x", product_id: "python-cffi-1.11.2-3.3.2.s390x", }, }, { category: "product_version", name: "python-psutil-1.2.1-21.1.s390x", product: { name: "python-psutil-1.2.1-21.1.s390x", product_id: "python-psutil-1.2.1-21.1.s390x", }, }, { category: "product_version", name: "python3-psutil-1.2.1-21.1.s390x", product: { name: "python3-psutil-1.2.1-21.1.s390x", product_id: "python3-psutil-1.2.1-21.1.s390x", }, }, { category: "product_version", name: "rabbitmq-server-3.4.4-3.16.1.s390x", product: { name: "rabbitmq-server-3.4.4-3.16.1.s390x", product_id: "rabbitmq-server-3.4.4-3.16.1.s390x", }, }, { category: "product_version", name: "rabbitmq-server-plugins-3.4.4-3.16.1.s390x", product: { name: "rabbitmq-server-plugins-3.4.4-3.16.1.s390x", product_id: "rabbitmq-server-plugins-3.4.4-3.16.1.s390x", }, }, { category: "product_version", name: "ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", product: { name: "ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", product_id: "ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", }, }, { category: "product_version", name: "ruby2.1-rubygem-activeresource-doc-4.0.0-3.3.1.s390x", product: { name: "ruby2.1-rubygem-activeresource-doc-4.0.0-3.3.1.s390x", product_id: "ruby2.1-rubygem-activeresource-doc-4.0.0-3.3.1.s390x", }, }, { category: "product_version", name: "ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", product: { name: "ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", product_id: "ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", }, }, { category: "product_version", name: "ruby2.1-rubygem-crowbar-client-doc-3.9.2-7.20.1.s390x", product: { name: "ruby2.1-rubygem-crowbar-client-doc-3.9.2-7.20.1.s390x", product_id: "ruby2.1-rubygem-crowbar-client-doc-3.9.2-7.20.1.s390x", }, }, { category: "product_version", name: "ruby2.1-rubygem-crowbar-client-testsuite-3.9.2-7.20.1.s390x", product: { name: "ruby2.1-rubygem-crowbar-client-testsuite-3.9.2-7.20.1.s390x", product_id: "ruby2.1-rubygem-crowbar-client-testsuite-3.9.2-7.20.1.s390x", }, }, { category: "product_version", name: "ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", product: { name: "ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", product_id: "ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", }, }, { category: "product_version", name: "ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", product: { name: "ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", product_id: "ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", }, }, { category: "product_version", name: "ruby2.1-rubygem-puma-doc-2.16.0-4.6.1.s390x", product: { name: "ruby2.1-rubygem-puma-doc-2.16.0-4.6.1.s390x", product_id: "ruby2.1-rubygem-puma-doc-2.16.0-4.6.1.s390x", }, }, { category: "product_version", name: "zookeeper-client-3.4.10-6.1.s390x", product: { name: "zookeeper-client-3.4.10-6.1.s390x", product_id: "zookeeper-client-3.4.10-6.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", product: { name: "crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", product_id: "crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", }, }, { category: "product_version", name: "crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", product: { name: "crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", product_id: "crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", }, }, { category: "product_version", name: "crowbar-core-devel-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", product: { name: "crowbar-core-devel-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", product_id: "crowbar-core-devel-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", }, }, { category: "product_version", name: "erlang-rabbitmq-client-3.4.4-3.16.1.x86_64", product: { name: "erlang-rabbitmq-client-3.4.4-3.16.1.x86_64", product_id: "erlang-rabbitmq-client-3.4.4-3.16.1.x86_64", }, }, { category: "product_version", name: "grafana-4.6.5-1.14.1.x86_64", product: { name: "grafana-4.6.5-1.14.1.x86_64", product_id: "grafana-4.6.5-1.14.1.x86_64", }, }, { category: "product_version", name: "keepalived-2.0.19-1.8.1.x86_64", product: { name: "keepalived-2.0.19-1.8.1.x86_64", product_id: "keepalived-2.0.19-1.8.1.x86_64", }, }, { category: "product_version", name: "kibana-4.6.3-5.1.x86_64", product: { name: "kibana-4.6.3-5.1.x86_64", product_id: "kibana-4.6.3-5.1.x86_64", }, }, { category: "product_version", name: "libzookeeper2-3.4.10-6.1.x86_64", product: { name: "libzookeeper2-3.4.10-6.1.x86_64", product_id: "libzookeeper2-3.4.10-6.1.x86_64", }, }, { category: "product_version", name: "libzookeeper2-devel-3.4.10-6.1.x86_64", product: { name: "libzookeeper2-devel-3.4.10-6.1.x86_64", product_id: "libzookeeper2-devel-3.4.10-6.1.x86_64", }, }, { category: "product_version", name: "memcached-1.5.17-3.6.1.x86_64", product: { name: "memcached-1.5.17-3.6.1.x86_64", product_id: "memcached-1.5.17-3.6.1.x86_64", }, }, { category: "product_version", name: "memcached-devel-1.5.17-3.6.1.x86_64", product: { name: "memcached-devel-1.5.17-3.6.1.x86_64", product_id: "memcached-devel-1.5.17-3.6.1.x86_64", }, }, { category: "product_version", name: "python-Pillow-2.8.1-4.12.1.x86_64", product: { name: "python-Pillow-2.8.1-4.12.1.x86_64", product_id: "python-Pillow-2.8.1-4.12.1.x86_64", }, }, { category: "product_version", name: "python-Pillow-tk-2.8.1-4.12.1.x86_64", product: { name: "python-Pillow-tk-2.8.1-4.12.1.x86_64", product_id: "python-Pillow-tk-2.8.1-4.12.1.x86_64", }, }, { category: "product_version", name: "python-cffi-1.11.2-3.3.2.x86_64", product: { name: "python-cffi-1.11.2-3.3.2.x86_64", product_id: "python-cffi-1.11.2-3.3.2.x86_64", }, }, { category: "product_version", name: "python-psutil-1.2.1-21.1.x86_64", product: { name: "python-psutil-1.2.1-21.1.x86_64", product_id: "python-psutil-1.2.1-21.1.x86_64", }, }, { category: "product_version", name: "python3-psutil-1.2.1-21.1.x86_64", product: { name: "python3-psutil-1.2.1-21.1.x86_64", product_id: "python3-psutil-1.2.1-21.1.x86_64", }, }, { category: "product_version", name: "rabbitmq-server-3.4.4-3.16.1.x86_64", product: { name: "rabbitmq-server-3.4.4-3.16.1.x86_64", product_id: "rabbitmq-server-3.4.4-3.16.1.x86_64", }, }, { category: "product_version", name: "rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", product: { name: "rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", product_id: "rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", }, }, { category: "product_version", name: "ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", product: { name: "ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", product_id: "ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", }, }, { category: "product_version", name: "ruby2.1-rubygem-activeresource-doc-4.0.0-3.3.1.x86_64", product: { name: "ruby2.1-rubygem-activeresource-doc-4.0.0-3.3.1.x86_64", product_id: "ruby2.1-rubygem-activeresource-doc-4.0.0-3.3.1.x86_64", }, }, { category: "product_version", name: "ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", product: { name: "ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", product_id: "ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", }, }, { category: "product_version", name: "ruby2.1-rubygem-crowbar-client-doc-3.9.2-7.20.1.x86_64", product: { name: "ruby2.1-rubygem-crowbar-client-doc-3.9.2-7.20.1.x86_64", product_id: "ruby2.1-rubygem-crowbar-client-doc-3.9.2-7.20.1.x86_64", }, }, { category: "product_version", name: "ruby2.1-rubygem-crowbar-client-testsuite-3.9.2-7.20.1.x86_64", product: { name: "ruby2.1-rubygem-crowbar-client-testsuite-3.9.2-7.20.1.x86_64", product_id: "ruby2.1-rubygem-crowbar-client-testsuite-3.9.2-7.20.1.x86_64", }, }, { category: "product_version", name: "ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", product: { name: "ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", product_id: "ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", }, }, { category: "product_version", name: "ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", product: { name: "ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", product_id: "ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", }, }, { category: "product_version", name: "ruby2.1-rubygem-puma-doc-2.16.0-4.6.1.x86_64", product: { name: "ruby2.1-rubygem-puma-doc-2.16.0-4.6.1.x86_64", product_id: "ruby2.1-rubygem-puma-doc-2.16.0-4.6.1.x86_64", }, }, { category: "product_version", name: "zookeeper-client-3.4.10-6.1.x86_64", product: { name: "zookeeper-client-3.4.10-6.1.x86_64", product_id: "zookeeper-client-3.4.10-6.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE OpenStack Cloud 7", product: { name: "SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7", product_identification_helper: { cpe: "cpe:/o:suse:suse-openstack-cloud:7", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ansible-2.2.3.0-12.2.noarch as component of SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", }, product_reference: "ansible-2.2.3.0-12.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 7", }, { category: "default_component_of", full_product_name: { name: "crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x as component of SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", }, product_reference: "crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", relates_to_product_reference: "SUSE OpenStack Cloud 7", }, { category: "default_component_of", full_product_name: { name: "crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64 as component of SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", }, product_reference: "crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud 7", }, { category: "default_component_of", full_product_name: { name: "crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x as component of SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", }, product_reference: "crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", relates_to_product_reference: "SUSE OpenStack Cloud 7", }, { category: "default_component_of", full_product_name: { name: "crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64 as component of SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", }, product_reference: "crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud 7", }, { category: "default_component_of", full_product_name: { name: "crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch as component of SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", }, product_reference: "crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 7", }, { category: "default_component_of", full_product_name: { name: "crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch as component of SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", }, product_reference: "crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 7", }, { category: "default_component_of", full_product_name: { name: "grafana-4.6.5-1.14.1.x86_64 as component of SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", }, product_reference: "grafana-4.6.5-1.14.1.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud 7", }, { category: "default_component_of", full_product_name: { name: "keepalived-2.0.19-1.8.1.s390x as component of SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", }, product_reference: "keepalived-2.0.19-1.8.1.s390x", relates_to_product_reference: "SUSE OpenStack Cloud 7", }, { category: "default_component_of", full_product_name: { name: "keepalived-2.0.19-1.8.1.x86_64 as component of SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", }, product_reference: "keepalived-2.0.19-1.8.1.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud 7", }, { category: "default_component_of", full_product_name: { name: "kibana-4.6.3-5.1.x86_64 as component of SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", }, product_reference: "kibana-4.6.3-5.1.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud 7", }, { category: "default_component_of", full_product_name: { name: "memcached-1.5.17-3.6.1.s390x as component of SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", }, product_reference: "memcached-1.5.17-3.6.1.s390x", relates_to_product_reference: "SUSE OpenStack Cloud 7", }, { category: "default_component_of", full_product_name: { name: "memcached-1.5.17-3.6.1.x86_64 as component of SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", }, product_reference: "memcached-1.5.17-3.6.1.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud 7", }, { category: "default_component_of", full_product_name: { name: "monasca-installer-20180608_12.47-12.1.noarch as component of SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", }, product_reference: "monasca-installer-20180608_12.47-12.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 7", }, { category: "default_component_of", full_product_name: { name: "openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch as component of SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", }, product_reference: "openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 7", }, { category: "default_component_of", full_product_name: { name: "openstack-manila-3.0.1~dev30-4.12.2.noarch as component of SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", }, product_reference: "openstack-manila-3.0.1~dev30-4.12.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 7", }, { category: "default_component_of", full_product_name: { name: "openstack-manila-api-3.0.1~dev30-4.12.2.noarch as component of SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", }, product_reference: "openstack-manila-api-3.0.1~dev30-4.12.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 7", }, { category: "default_component_of", full_product_name: { name: "openstack-manila-data-3.0.1~dev30-4.12.2.noarch as component of SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", }, product_reference: "openstack-manila-data-3.0.1~dev30-4.12.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 7", }, { category: "default_component_of", full_product_name: { name: "openstack-manila-doc-3.0.1~dev30-4.12.3.noarch as component of SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", }, product_reference: "openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 7", }, { category: "default_component_of", full_product_name: { name: "openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch as component of SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", }, product_reference: "openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 7", }, { category: "default_component_of", full_product_name: { name: "openstack-manila-share-3.0.1~dev30-4.12.2.noarch as component of SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", }, product_reference: "openstack-manila-share-3.0.1~dev30-4.12.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 7", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch as component of SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", }, product_reference: "openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 7", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch as component of SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", }, product_reference: "openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 7", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-14.0.11~dev13-4.40.2.noarch as component of SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", }, product_reference: "openstack-nova-14.0.11~dev13-4.40.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 7", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-api-14.0.11~dev13-4.40.2.noarch as component of SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", }, product_reference: "openstack-nova-api-14.0.11~dev13-4.40.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 7", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-cells-14.0.11~dev13-4.40.2.noarch as component of SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", }, product_reference: "openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 7", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-cert-14.0.11~dev13-4.40.2.noarch as component of SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", }, product_reference: "openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 7", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-compute-14.0.11~dev13-4.40.2.noarch as component of SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", }, product_reference: "openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 7", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch as component of SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", }, product_reference: "openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 7", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-console-14.0.11~dev13-4.40.2.noarch as component of SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", }, product_reference: "openstack-nova-console-14.0.11~dev13-4.40.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 7", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch as component of SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", }, product_reference: "openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 7", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-doc-14.0.11~dev13-4.40.2.noarch as component of SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", }, product_reference: "openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 7", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch as component of SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", }, product_reference: "openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 7", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch as component of SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", }, product_reference: "openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 7", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch as component of SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", }, product_reference: "openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 7", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch as component of SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", }, product_reference: "openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 7", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch as component of SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", }, product_reference: "openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 7", }, { category: "default_component_of", full_product_name: { name: "openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch as component of SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", }, product_reference: "openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 7", }, { category: "default_component_of", full_product_name: { name: "openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch as component of SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", }, product_reference: "openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 7", }, { category: "default_component_of", full_product_name: { name: "python-Django-1.8.19-3.23.1.noarch as component of SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", }, product_reference: "python-Django-1.8.19-3.23.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 7", }, { category: "default_component_of", full_product_name: { name: "python-Pillow-2.8.1-4.12.1.s390x as component of SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", }, product_reference: "python-Pillow-2.8.1-4.12.1.s390x", relates_to_product_reference: "SUSE OpenStack Cloud 7", }, { category: "default_component_of", full_product_name: { name: "python-Pillow-2.8.1-4.12.1.x86_64 as component of SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", }, product_reference: "python-Pillow-2.8.1-4.12.1.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud 7", }, { category: "default_component_of", full_product_name: { name: "python-manila-3.0.1~dev30-4.12.2.noarch as component of SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", }, product_reference: "python-manila-3.0.1~dev30-4.12.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 7", }, { category: "default_component_of", full_product_name: { name: "python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch as component of SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", }, product_reference: "python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 7", }, { category: "default_component_of", full_product_name: { name: "python-nova-14.0.11~dev13-4.40.2.noarch as component of SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", }, product_reference: "python-nova-14.0.11~dev13-4.40.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 7", }, { category: "default_component_of", full_product_name: { name: "python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch as component of SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", }, product_reference: "python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 7", }, { category: "default_component_of", full_product_name: { name: "python-psutil-1.2.1-21.1.s390x as component of SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", }, product_reference: "python-psutil-1.2.1-21.1.s390x", relates_to_product_reference: "SUSE OpenStack Cloud 7", }, { category: "default_component_of", full_product_name: { name: "python-psutil-1.2.1-21.1.x86_64 as component of SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", }, product_reference: "python-psutil-1.2.1-21.1.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud 7", }, { category: "default_component_of", full_product_name: { name: "python-py-1.8.1-11.12.1.noarch as component of SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", }, product_reference: "python-py-1.8.1-11.12.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 7", }, { category: "default_component_of", full_product_name: { name: "python-pysaml2-4.0.2-3.17.1.noarch as component of SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", }, product_reference: "python-pysaml2-4.0.2-3.17.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 7", }, { category: "default_component_of", full_product_name: { name: "python-tempest-12.2.1~a0~dev177-4.9.1.noarch as component of SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", }, product_reference: "python-tempest-12.2.1~a0~dev177-4.9.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 7", }, { category: "default_component_of", full_product_name: { name: "python-waitress-1.4.3-3.3.1.noarch as component of SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", }, product_reference: "python-waitress-1.4.3-3.3.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 7", }, { category: "default_component_of", full_product_name: { name: "rabbitmq-server-3.4.4-3.16.1.s390x as component of SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", }, product_reference: "rabbitmq-server-3.4.4-3.16.1.s390x", relates_to_product_reference: "SUSE OpenStack Cloud 7", }, { category: "default_component_of", full_product_name: { name: "rabbitmq-server-3.4.4-3.16.1.x86_64 as component of SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", }, product_reference: "rabbitmq-server-3.4.4-3.16.1.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud 7", }, { category: "default_component_of", full_product_name: { name: "rabbitmq-server-plugins-3.4.4-3.16.1.s390x as component of SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", }, product_reference: "rabbitmq-server-plugins-3.4.4-3.16.1.s390x", relates_to_product_reference: "SUSE OpenStack Cloud 7", }, { category: "default_component_of", full_product_name: { name: "rabbitmq-server-plugins-3.4.4-3.16.1.x86_64 as component of SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", }, product_reference: "rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud 7", }, { category: "default_component_of", full_product_name: { name: "release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch as component of SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", }, product_reference: "release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 7", }, { category: "default_component_of", full_product_name: { name: "ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x as component of SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", }, product_reference: "ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", relates_to_product_reference: "SUSE OpenStack Cloud 7", }, { category: "default_component_of", full_product_name: { name: "ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64 as component of SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", }, product_reference: "ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud 7", }, { category: "default_component_of", full_product_name: { name: "ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x as component of SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", }, product_reference: "ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", relates_to_product_reference: "SUSE OpenStack Cloud 7", }, { category: "default_component_of", full_product_name: { name: "ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64 as component of SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", }, product_reference: "ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud 7", }, { category: "default_component_of", full_product_name: { name: "ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x as component of SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", }, product_reference: "ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", relates_to_product_reference: "SUSE OpenStack Cloud 7", }, { category: "default_component_of", full_product_name: { name: "ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64 as component of SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", }, product_reference: "ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud 7", }, { category: "default_component_of", full_product_name: { name: "ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x as component of SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", }, product_reference: "ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", relates_to_product_reference: "SUSE OpenStack Cloud 7", }, { category: "default_component_of", full_product_name: { name: "ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64 as component of SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", }, product_reference: "ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud 7", }, { category: "default_component_of", full_product_name: { name: "zookeeper-server-3.4.10-6.1.noarch as component of SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", }, product_reference: "zookeeper-server-3.4.10-6.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 7", }, ], }, vulnerabilities: [ { cve: "CVE-2017-1000246", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-1000246", }, ], notes: [ { category: "general", text: "Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2017-1000246", url: "https://www.suse.com/security/cve/CVE-2017-1000246", }, { category: "external", summary: "SUSE Bug 1068612 for CVE-2017-1000246", url: "https://bugzilla.suse.com/1068612", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, ], threats: [ { category: "impact", date: "2020-07-29T14:31:35Z", details: "low", }, ], title: "CVE-2017-1000246", }, { cve: "CVE-2017-4965", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-4965", }, ], notes: [ { category: "general", text: "An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management UI are vulnerable to XSS attacks.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2017-4965", url: "https://www.suse.com/security/cve/CVE-2017-4965", }, { category: "external", summary: "SUSE Bug 1037777 for CVE-2017-4965", url: "https://bugzilla.suse.com/1037777", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 6.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, ], threats: [ { category: "impact", date: "2020-07-29T14:31:35Z", details: "low", }, ], title: "CVE-2017-4965", }, { cve: "CVE-2017-4967", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-4967", }, ], notes: [ { category: "general", text: "An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management UI are vulnerable to XSS attacks.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2017-4967", url: "https://www.suse.com/security/cve/CVE-2017-4967", }, { category: "external", summary: "SUSE Bug 1037777 for CVE-2017-4967", url: "https://bugzilla.suse.com/1037777", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 6.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, ], threats: [ { category: "impact", date: "2020-07-29T14:31:35Z", details: "low", }, ], title: "CVE-2017-4967", }, { cve: "CVE-2018-1000115", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-1000115", }, ], notes: [ { category: "general", text: "Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial of service via network flood (traffic amplification of 1:50,000 has been reported by reliable sources). This attack appear to be exploitable via network connectivity to port 11211 UDP. This vulnerability appears to have been fixed in 1.5.6 due to the disabling of the UDP protocol by default.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2018-1000115", url: "https://www.suse.com/security/cve/CVE-2018-1000115", }, { category: "external", summary: "SUSE Bug 1083903 for CVE-2018-1000115", url: "https://bugzilla.suse.com/1083903", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, ], threats: [ { category: "impact", date: "2020-07-29T14:31:35Z", details: "important", }, ], title: "CVE-2018-1000115", }, { cve: "CVE-2019-0201", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-0201", }, ], notes: [ { category: "general", text: "An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper's getACL() command doesn't check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. DigestAuthenticationProvider overloads the Id field with the hash value that is used for user authentication. As a consequence, if Digest Authentication is in use, the unsalted hash value will be disclosed by getACL() request for unauthenticated or unprivileged users.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2019-0201", url: "https://www.suse.com/security/cve/CVE-2019-0201", }, { category: "external", summary: "SUSE Bug 1135773 for CVE-2019-0201", url: "https://bugzilla.suse.com/1135773", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, ], threats: [ { category: "impact", date: "2020-07-29T14:31:35Z", details: "important", }, ], title: "CVE-2019-0201", }, { cve: "CVE-2019-11596", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-11596", }, ], notes: [ { category: "general", text: "In memcached before 1.5.14, a NULL pointer dereference was found in the \"lru mode\" and \"lru temp_ttl\" commands. This causes a denial of service when parsing crafted lru command messages in process_lru_command in memcached.c.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2019-11596", url: "https://www.suse.com/security/cve/CVE-2019-11596", }, { category: "external", summary: "SUSE Bug 1133817 for CVE-2019-11596", url: "https://bugzilla.suse.com/1133817", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, ], threats: [ { category: "impact", date: "2020-07-29T14:31:35Z", details: "important", }, ], title: "CVE-2019-11596", }, { cve: "CVE-2019-15026", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-15026", }, ], notes: [ { category: "general", text: "memcached 1.5.16, when UNIX sockets are used, has a stack-based buffer over-read in conn_to_str in memcached.c.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2019-15026", url: "https://www.suse.com/security/cve/CVE-2019-15026", }, { category: "external", summary: "SUSE Bug 1149110 for CVE-2019-15026", url: "https://bugzilla.suse.com/1149110", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", version: "3.0", }, products: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, ], threats: [ { category: "impact", date: "2020-07-29T14:31:35Z", details: "low", }, ], title: "CVE-2019-15026", }, { cve: "CVE-2019-15043", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-15043", }, ], notes: [ { category: "general", text: "In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2019-15043", url: "https://www.suse.com/security/cve/CVE-2019-15043", }, { category: "external", summary: "SUSE Bug 1148383 for CVE-2019-15043", url: "https://bugzilla.suse.com/1148383", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", version: "3.1", }, products: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, ], threats: [ { category: "impact", date: "2020-07-29T14:31:35Z", details: "important", }, ], title: "CVE-2019-15043", }, { cve: "CVE-2019-16785", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-16785", }, ], notes: [ { category: "general", text: "Waitress through version 1.3.1 implemented a \"MAY\" part of the RFC7230 which states: \"Although the line terminator for the start-line and header fields is the sequence CRLF, a recipient MAY recognize a single LF as a line terminator and ignore any preceding CR.\" Unfortunately if a front-end server does not parse header fields with an LF the same way as it does those with a CRLF it can lead to the front-end and the back-end server parsing the same HTTP message in two different ways. This can lead to a potential for HTTP request smuggling/splitting whereby Waitress may see two requests while the front-end server only sees a single HTTP message. This issue is fixed in Waitress 1.4.0.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2019-16785", url: "https://www.suse.com/security/cve/CVE-2019-16785", }, { category: "external", summary: "SUSE Bug 1161088 for CVE-2019-16785", url: "https://bugzilla.suse.com/1161088", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, ], threats: [ { category: "impact", date: "2020-07-29T14:31:35Z", details: "important", }, ], title: "CVE-2019-16785", }, { cve: "CVE-2019-16786", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-16786", }, ], notes: [ { category: "general", text: "Waitress through version 1.3.1 would parse the Transfer-Encoding header and only look for a single string value, if that value was not chunked it would fall through and use the Content-Length header instead. According to the HTTP standard Transfer-Encoding should be a comma separated list, with the inner-most encoding first, followed by any further transfer codings, ending with chunked. Requests sent with: \"Transfer-Encoding: gzip, chunked\" would incorrectly get ignored, and the request would use a Content-Length header instead to determine the body size of the HTTP message. This could allow for Waitress to treat a single request as multiple requests in the case of HTTP pipelining. This issue is fixed in Waitress 1.4.0.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2019-16786", url: "https://www.suse.com/security/cve/CVE-2019-16786", }, { category: "external", summary: "SUSE Bug 1161089 for CVE-2019-16786", url: "https://bugzilla.suse.com/1161089", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, ], threats: [ { category: "impact", date: "2020-07-29T14:31:35Z", details: "important", }, ], title: "CVE-2019-16786", }, { cve: "CVE-2019-16789", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-16789", }, ], notes: [ { category: "general", text: "In Waitress through version 1.4.0, if a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end and is parsed differently by waitress leading to a potential for HTTP request smuggling. Specially crafted requests containing special whitespace characters in the Transfer-Encoding header would get parsed by Waitress as being a chunked request, but a front-end server would use the Content-Length instead as the Transfer-Encoding header is considered invalid due to containing invalid characters. If a front-end server does HTTP pipelining to a backend Waitress server this could lead to HTTP request splitting which may lead to potential cache poisoning or unexpected information disclosure. This issue is fixed in Waitress 1.4.1 through more strict HTTP field validation.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2019-16789", url: "https://www.suse.com/security/cve/CVE-2019-16789", }, { category: "external", summary: "SUSE Bug 1160790 for CVE-2019-16789", url: "https://bugzilla.suse.com/1160790", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", version: "3.1", }, products: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, ], threats: [ { category: "impact", date: "2020-07-29T14:31:35Z", details: "important", }, ], title: "CVE-2019-16789", }, { cve: "CVE-2019-16792", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-16792", }, ], notes: [ { category: "general", text: "Waitress through version 1.3.1 allows request smuggling by sending the Content-Length header twice. Waitress would header fold a double Content-Length header and due to being unable to cast the now comma separated value to an integer would set the Content-Length to 0 internally. If two Content-Length headers are sent in a single request, Waitress would treat the request as having no body, thereby treating the body of the request as a new request in HTTP pipelining. This issue is fixed in Waitress 1.4.0.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2019-16792", url: "https://www.suse.com/security/cve/CVE-2019-16792", }, { category: "external", summary: "SUSE Bug 1161670 for CVE-2019-16792", url: "https://bugzilla.suse.com/1161670", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, ], threats: [ { category: "impact", date: "2020-07-29T14:31:35Z", details: "moderate", }, ], title: "CVE-2019-16792", }, { cve: "CVE-2019-16865", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-16865", }, ], notes: [ { category: "general", text: "An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2019-16865", url: "https://www.suse.com/security/cve/CVE-2019-16865", }, { category: "external", summary: "SUSE Bug 1153191 for CVE-2019-16865", url: "https://bugzilla.suse.com/1153191", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, ], threats: [ { category: "impact", date: "2020-07-29T14:31:35Z", details: "low", }, ], title: "CVE-2019-16865", }, { cve: "CVE-2019-18874", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-18874", }, ], notes: [ { category: "general", text: "psutil (aka python-psutil) through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2019-18874", url: "https://www.suse.com/security/cve/CVE-2019-18874", }, { category: "external", summary: "SUSE Bug 1156525 for CVE-2019-18874", url: "https://bugzilla.suse.com/1156525", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, ], threats: [ { category: "impact", date: "2020-07-29T14:31:35Z", details: "low", }, ], title: "CVE-2019-18874", }, { cve: "CVE-2019-19844", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-19844", }, ], notes: [ { category: "general", text: "Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address (that is equal to an existing user's email address after case transformation of Unicode characters) would allow an attacker to be sent a password reset token for the matched user account. (One mitigation in the new releases is to send password reset tokens only to the registered user email address.)", title: "CVE description", }, ], product_status: { recommended: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2019-19844", url: "https://www.suse.com/security/cve/CVE-2019-19844", }, { category: "external", summary: "SUSE Bug 1159447 for CVE-2019-19844", url: "https://bugzilla.suse.com/1159447", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, ], threats: [ { category: "impact", date: "2020-07-29T14:31:35Z", details: "moderate", }, ], title: "CVE-2019-19844", }, { cve: "CVE-2019-19911", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-19911", }, ], notes: [ { category: "general", text: "There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImagePlugin.py calling the range function on an unvalidated 32-bit integer if the number of bands is large. On Windows running 32-bit Python, this results in an OverflowError or MemoryError due to the 2 GB limit. However, on Linux running 64-bit Python this results in the process being terminated by the OOM killer.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2019-19911", url: "https://www.suse.com/security/cve/CVE-2019-19911", }, { category: "external", summary: "SUSE Bug 1160192 for CVE-2019-19911", url: "https://bugzilla.suse.com/1160192", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, ], threats: [ { category: "impact", date: "2020-07-29T14:31:35Z", details: "important", }, ], title: "CVE-2019-19911", }, { cve: "CVE-2019-3498", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-3498", }, ], notes: [ { category: "general", text: "In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing (in a 404 error page) if a user fails to recognize that a crafted URL has malicious content.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2019-3498", url: "https://www.suse.com/security/cve/CVE-2019-3498", }, { category: "external", summary: "SUSE Bug 1120932 for CVE-2019-3498", url: "https://bugzilla.suse.com/1120932", }, { category: "external", summary: "SUSE Bug 1139945 for CVE-2019-3498", url: "https://bugzilla.suse.com/1139945", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, ], threats: [ { category: "impact", date: "2020-07-29T14:31:35Z", details: "low", }, ], title: "CVE-2019-3498", }, { cve: "CVE-2019-3828", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-3828", }, ], notes: [ { category: "general", text: "Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2019-3828", url: "https://www.suse.com/security/cve/CVE-2019-3828", }, { category: "external", summary: "SUSE Bug 1126503 for CVE-2019-3828", url: "https://bugzilla.suse.com/1126503", }, { category: "external", summary: "SUSE Bug 1164137 for CVE-2019-3828", url: "https://bugzilla.suse.com/1164137", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 4.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, ], threats: [ { category: "impact", date: "2020-07-29T14:31:35Z", details: "moderate", }, ], title: "CVE-2019-3828", }, { cve: "CVE-2020-10663", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-10663", }, ], notes: [ { category: "general", text: "The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2020-10663", url: "https://www.suse.com/security/cve/CVE-2020-10663", }, { category: "external", summary: "SUSE Bug 1167244 for CVE-2020-10663", url: "https://bugzilla.suse.com/1167244", }, { category: "external", summary: "SUSE Bug 1171517 for CVE-2020-10663", url: "https://bugzilla.suse.com/1171517", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, ], threats: [ { category: "impact", date: "2020-07-29T14:31:35Z", details: "important", }, ], title: "CVE-2020-10663", }, { cve: "CVE-2020-10743", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-10743", }, ], notes: [ { category: "general", text: "It was discovered that OpenShift Container Platform's (OCP) distribution of Kibana could open in an iframe, which made it possible to intercept and manipulate requests. This flaw allows an attacker to trick a user into performing arbitrary actions in OCP's distribution of Kibana, such as clickjacking.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2020-10743", url: "https://www.suse.com/security/cve/CVE-2020-10743", }, { category: "external", summary: "SUSE Bug 1171909 for CVE-2020-10743", url: "https://bugzilla.suse.com/1171909", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 3.9, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, ], threats: [ { category: "impact", date: "2020-07-29T14:31:35Z", details: "low", }, ], title: "CVE-2020-10743", }, { cve: "CVE-2020-11076", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-11076", }, ], notes: [ { category: "general", text: "In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header. The problem has been fixed in Puma 3.12.5 and Puma 4.3.4.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2020-11076", url: "https://www.suse.com/security/cve/CVE-2020-11076", }, { category: "external", summary: "SUSE Bug 1172175 for CVE-2020-11076", url: "https://bugzilla.suse.com/1172175", }, { category: "external", summary: "SUSE Bug 1172176 for CVE-2020-11076", url: "https://bugzilla.suse.com/1172176", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", version: "3.1", }, products: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, ], threats: [ { category: "impact", date: "2020-07-29T14:31:35Z", details: "moderate", }, ], title: "CVE-2020-11076", }, { cve: "CVE-2020-11077", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-11077", }, ], notes: [ { category: "general", text: "In Puma (RubyGem) before 4.3.5 and 3.12.6, a client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the first request's body. Puma, however, would see it as two requests, and when processing the second request, send back a response that the proxy does not expect. If the proxy has reused the persistent connection to Puma to send another request for a different client, the second response from the first client will be sent to the second client. This is a similar but different vulnerability from CVE-2020-11076. The problem has been fixed in Puma 3.12.6 and Puma 4.3.5.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2020-11077", url: "https://www.suse.com/security/cve/CVE-2020-11077", }, { category: "external", summary: "SUSE Bug 1172175 for CVE-2020-11077", url: "https://bugzilla.suse.com/1172175", }, { category: "external", summary: "SUSE Bug 1172176 for CVE-2020-11077", url: "https://bugzilla.suse.com/1172176", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", version: "3.1", }, products: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, ], threats: [ { category: "impact", date: "2020-07-29T14:31:35Z", details: "moderate", }, ], title: "CVE-2020-11077", }, { cve: "CVE-2020-12052", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-12052", }, ], notes: [ { category: "general", text: "Grafana version < 6.7.3 is vulnerable for annotation popup XSS.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2020-12052", url: "https://www.suse.com/security/cve/CVE-2020-12052", }, { category: "external", summary: "SUSE Bug 1170657 for CVE-2020-12052", url: "https://bugzilla.suse.com/1170657", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 6.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, ], threats: [ { category: "impact", date: "2020-07-29T14:31:35Z", details: "moderate", }, ], title: "CVE-2020-12052", }, { cve: "CVE-2020-13254", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-13254", }, ], notes: [ { category: "general", text: "An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2020-13254", url: "https://www.suse.com/security/cve/CVE-2020-13254", }, { category: "external", summary: "SUSE Bug 1172166 for CVE-2020-13254", url: "https://bugzilla.suse.com/1172166", }, { category: "external", summary: "SUSE Bug 1172167 for CVE-2020-13254", url: "https://bugzilla.suse.com/1172167", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, ], threats: [ { category: "impact", date: "2020-07-29T14:31:35Z", details: "moderate", }, ], title: "CVE-2020-13254", }, { cve: "CVE-2020-13379", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-13379", }, ], notes: [ { category: "general", text: "The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can be used to gain information about the network that Grafana is running on. Furthermore, passing invalid URL objects could be used for DOS'ing Grafana via SegFault.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2020-13379", url: "https://www.suse.com/security/cve/CVE-2020-13379", }, { category: "external", summary: "SUSE Bug 1172409 for CVE-2020-13379", url: "https://bugzilla.suse.com/1172409", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, ], threats: [ { category: "impact", date: "2020-07-29T14:31:35Z", details: "important", }, ], title: "CVE-2020-13379", }, { cve: "CVE-2020-13596", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-13596", }, ], notes: [ { category: "general", text: "An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2020-13596", url: "https://www.suse.com/security/cve/CVE-2020-13596", }, { category: "external", summary: "SUSE Bug 1172166 for CVE-2020-13596", url: "https://bugzilla.suse.com/1172166", }, { category: "external", summary: "SUSE Bug 1172167 for CVE-2020-13596", url: "https://bugzilla.suse.com/1172167", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 6.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, ], threats: [ { category: "impact", date: "2020-07-29T14:31:35Z", details: "moderate", }, ], title: "CVE-2020-13596", }, { cve: "CVE-2020-5247", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-5247", }, ], notes: [ { category: "general", text: "In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters (i.e. `CR`, `LF` or`/r`, `/n`) to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is known as HTTP Response Splitting. While not an attack in itself, response splitting is a vector for several other attacks, such as cross-site scripting (XSS). This is related to CVE-2019-16254, which fixed this vulnerability for the WEBrick Ruby web server. This has been fixed in versions 4.3.2 and 3.12.3 by checking all headers for line endings and rejecting headers with those characters.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2020-5247", url: "https://www.suse.com/security/cve/CVE-2020-5247", }, { category: "external", summary: "SUSE Bug 1165402 for CVE-2020-5247", url: "https://bugzilla.suse.com/1165402", }, { category: "external", summary: "SUSE Bug 1165524 for CVE-2020-5247", url: "https://bugzilla.suse.com/1165524", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, ], threats: [ { category: "impact", date: "2020-07-29T14:31:35Z", details: "moderate", }, ], title: "CVE-2020-5247", }, { cve: "CVE-2020-5312", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-5312", }, ], notes: [ { category: "general", text: "libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2020-5312", url: "https://www.suse.com/security/cve/CVE-2020-5312", }, { category: "external", summary: "SUSE Bug 1160152 for CVE-2020-5312", url: "https://bugzilla.suse.com/1160152", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, ], threats: [ { category: "impact", date: "2020-07-29T14:31:35Z", details: "important", }, ], title: "CVE-2020-5312", }, { cve: "CVE-2020-5313", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-5313", }, ], notes: [ { category: "general", text: "libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2020-5313", url: "https://www.suse.com/security/cve/CVE-2020-5313", }, { category: "external", summary: "SUSE Bug 1160153 for CVE-2020-5313", url: "https://bugzilla.suse.com/1160153", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, ], threats: [ { category: "impact", date: "2020-07-29T14:31:35Z", details: "important", }, ], title: "CVE-2020-5313", }, { cve: "CVE-2020-5390", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-5390", }, ], notes: [ { category: "general", text: "PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping (XSW). The signature information and the node/object that is signed can be in different places and thus the signature verification will succeed, but the wrong data will be used. This specifically affects the verification of assertion that have been signed.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2020-5390", url: "https://www.suse.com/security/cve/CVE-2020-5390", }, { category: "external", summary: "SUSE Bug 1160851 for CVE-2020-5390", url: "https://bugzilla.suse.com/1160851", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, ], threats: [ { category: "impact", date: "2020-07-29T14:31:35Z", details: "moderate", }, ], title: "CVE-2020-5390", }, { cve: "CVE-2020-8151", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-8151", }, ], notes: [ { category: "general", text: "There is a possible information disclosure issue in Active Resource <v5.1.1 that could allow an attacker to create specially crafted requests to access data in an unexpected way and possibly leak information.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2020-8151", url: "https://www.suse.com/security/cve/CVE-2020-8151", }, { category: "external", summary: "SUSE Bug 1171560 for CVE-2020-8151", url: "https://bugzilla.suse.com/1171560", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "SUSE OpenStack Cloud 7:ansible-2.2.3.0-12.2.noarch", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.s390x", "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5.x86_64", "SUSE OpenStack Cloud 7:crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4.noarch", "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4.noarch", "SUSE OpenStack Cloud 7:grafana-4.6.5-1.14.1.x86_64", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.s390x", "SUSE OpenStack Cloud 7:keepalived-2.0.19-1.8.1.x86_64", "SUSE OpenStack Cloud 7:kibana-4.6.3-5.1.x86_64", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.s390x", "SUSE OpenStack Cloud 7:memcached-1.5.17-3.6.1.x86_64", "SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-12.1.noarch", "SUSE OpenStack Cloud 7:openstack-dashboard-theme-SUSE-2016.2-5.12.4.noarch", "SUSE OpenStack Cloud 7:openstack-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-api-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-data-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-doc-3.0.1~dev30-4.12.3.noarch", "SUSE OpenStack Cloud 7:openstack-manila-scheduler-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-manila-share-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4.noarch", "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-Django-1.8.19-3.23.1.noarch", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.s390x", "SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.12.1.x86_64", "SUSE OpenStack Cloud 7:python-manila-3.0.1~dev30-4.12.2.noarch", "SUSE OpenStack Cloud 7:python-neutron-fwaas-9.0.2~dev5-4.9.3.noarch", "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.40.2.noarch", "SUSE OpenStack Cloud 7:python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1.noarch", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.s390x", "SUSE OpenStack Cloud 7:python-psutil-1.2.1-21.1.x86_64", "SUSE OpenStack Cloud 7:python-py-1.8.1-11.12.1.noarch", "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.17.1.noarch", "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.9.1.noarch", "SUSE OpenStack Cloud 7:python-waitress-1.4.3-3.3.1.noarch", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.s390x", "SUSE OpenStack Cloud 7:rabbitmq-server-plugins-3.4.4-3.16.1.x86_64", "SUSE OpenStack Cloud 7:release-notes-suse-openstack-cloud-7.20180803-3.18.3.noarch", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activeresource-4.0.0-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-json-1_7-1.7.7-3.3.1.x86_64", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", "SUSE OpenStack Cloud 7:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud 7:zookeeper-server-3.4.10-6.1.noarch", ], }, ], threats: [ { category: "impact", date: "2020-07-29T14:31:35Z", details: "moderate", }, ], title: "CVE-2020-8151", }, ], }
suse-su-2020:1190-1
Vulnerability from csaf_suse
Published
2020-05-05 11:44
Modified
2020-05-05 11:44
Summary
Security update for ardana-ansible, ardana-barbican, ardana-cluster, ardana-db, ardana-designate, ardana-input-model, ardana-logging, ardana-monasca, ardana-mq, ardana-neutron, ardana-octavia, ardana-osconfig, ardana-tempest, ardana-tls, crowbar-core, crowbar-ha, crowbar-openstack, memcached, openstack-ceilometer, openstack-cinder, openstack-designate, openstack-heat, openstack-ironic, openstack-ironic-image, openstack-manila, openstack-neutron, openstack-nova, openstack-octavia, openstack-octavia-amphora-image, python-cinderclient, python-glanceclient, python-ironic-lib, python-ironicclient, python-keystonemiddleware, python-manila-tempest-plugin, python-novaclient, python-octaviaclient, python-openstackclient, python-os-brick, python-oslo.config, python-oslo.rootwrap, python-oslo.utils, python-swiftclient, python-watcherclient, release-notes-suse-openstack-cloud, rubygem-crowbar-client, rubygem-puma, zookeeper
Notes
Title of the patch
Security update for ardana-ansible, ardana-barbican, ardana-cluster, ardana-db, ardana-designate, ardana-input-model, ardana-logging, ardana-monasca, ardana-mq, ardana-neutron, ardana-octavia, ardana-osconfig, ardana-tempest, ardana-tls, crowbar-core, crowbar-ha, crowbar-openstack, memcached, openstack-ceilometer, openstack-cinder, openstack-designate, openstack-heat, openstack-ironic, openstack-ironic-image, openstack-manila, openstack-neutron, openstack-nova, openstack-octavia, openstack-octavia-amphora-image, python-cinderclient, python-glanceclient, python-ironic-lib, python-ironicclient, python-keystonemiddleware, python-manila-tempest-plugin, python-novaclient, python-octaviaclient, python-openstackclient, python-os-brick, python-oslo.config, python-oslo.rootwrap, python-oslo.utils, python-swiftclient, python-watcherclient, release-notes-suse-openstack-cloud, rubygem-crowbar-client, rubygem-puma, zookeeper
Description of the patch
This update for ardana-ansible, ardana-barbican, ardana-cluster, ardana-db, ardana-designate, ardana-input-model, ardana-logging, ardana-monasca, ardana-mq, ardana-neutron, ardana-octavia, ardana-osconfig, ardana-tempest, ardana-tls, crowbar-core, crowbar-ha, crowbar-openstack, memcached, openstack-ceilometer, openstack-cinder, openstack-designate, openstack-heat, openstack-ironic, openstack-ironic-image, openstack-manila, openstack-neutron, openstack-nova, openstack-octavia, openstack-octavia-amphora-image, python-cinderclient, python-glanceclient, python-ironic-lib, python-ironicclient, python-keystonemiddleware, python-manila-tempest-plugin, python-novaclient, python-octaviaclient, python-openstackclient, python-os-brick, python-oslo.config, python-oslo.rootwrap, python-oslo.utils, python-swiftclient, python-watcherclient, release-notes-suse-openstack-cloud, rubygem-crowbar-client, rubygem-puma, zookeeper contains the following fixes:
Security fixes for memcached:
- CVE-2019-15026: Fixed a stack-based buffer over-read in conn_to_str() (bsc#1149110).
- CVE-2019-11596: Fixed a denial of service when parsing crafted lru command messages in process_lru_comma() (bsc#1133817).
Security fixes for zookeeper:
- CVE-2019-0201: Fixed a information disclosure vulnerability related to getACL() (bsc#1135773).
Changes in rubygem-crowbar-client:
- Update to 3.9.2
- Enable SES commands in Cloud8 (SOC-11122)
Changes in rubygem-puma:
- Add CVE-2020-5247.patch (bsc#1165402)
'Fixes a problem where we were not splitting newlines in headers
according to Rack spec'
The patch is reduced compared to the upstream version, which was
patching also the parts that are not implemented in our old Puma
version. This applies to unit test as well.
Changes in ardana-ansible:
- Update to version 9.0+git.1587034359.a12678b:
* Include SLE 12 SP3 LTSS repos in list of managed repos (SOC-11223)
- Update to version 9.0+git.1586793433.f7bbf1b:
* Ensure rabbitmq-server not running during dist-upgrade (SOC-11083)
- Update to version 9.0+git.1586521995.f709c73:
* Upgrade packages before _osconfig-upgrade.yml (SOC-11149)
- Update to version 9.0+git.1584135277.f4d488a:
* Serialise the _ardana-update-base.yml zypper actions (SOC-11083)
- Update to version 9.0+git.1583518616.d4eb33f:
* Upgrade pre-checks in Cloud 8 and Cloud 9 (SOC-10300)
Changes in ardana-barbican:
- Update to version 9.0+git.1583953599.cd723bb:
* monitor ardana-node-cert (SOC-10873)
Changes in ardana-cluster:
- Update to version 9.0+git.1585653734.c1fe3b2:
* Use bool filter to ensure valid boolean evaluation (SOC-11192)
Changes in ardana-db:
- Update to version 9.0+git.1586543314.6b6aa20:
* Improve boostrap error handling (SOC-11207)
- Update to version 9.0+git.1583946648.0892bab:
* monitor MySQL TLS certificate (SOC-10873)
- Update to version 9.0+git.1583527362.d9e9436:
* fix mysql output and root password update (SOC-11152)
Changes in ardana-designate:
- Update to version 9.0+git.1583445435.4bd1793:
* Designate zone/pool to worker/producer migration (SOC-10095)
Changes in ardana-input-model:
- Update to version 9.0+git.1584632190.9541c56:
* add port neutron security extension to CI models (SOC-11027)
Changes in ardana-logging:
- Update to version 9.0+git.1585929695.f35b591:
* Fix YAMLLoadWarning: calling yaml.load() without Loader (bsc#1168593)
Changes in ardana-monasca:
- Update to version 9.0+git.1586769889.d43d736:
* Retry systemctl status for auto-restarting services (SOC-11210)
- Update to version 9.0+git.1583359379.b92a013:
* Add certificate file check alarm (SOC-10873)
Changes in ardana-mq:
- Update to version 9.0+git.1586350749.a463fd2:
* Actually fail if sync HA queues retries exceeded (SOC-11083)
- Update to version 9.0+git.1583428243.c1a72a8:
* monitor RabbitMQ TLS certificate (SOC-10873)
Changes in ardana-neutron:
- Update to version 9.0+git.1587667603.507fb50:
* Add network.target 'After' option (bsc#1169770)
- Update to version 9.0+git.1584635234.e7e6b08:
* Add symlink for neutron-fwaas.json.j2 (bsc#1166290)
Changes in ardana-octavia:
- Update to version 9.0+git.1587486004.8e99c6b:
* Perform Neutron to Octavia migrate (SOC-11207)
- Update to version 9.0+git.1584737314.873b84c:
* Reconfigure monitor if needed (SOC-10873)
- Update to version 9.0+git.1584682274.4693189:
* fix Octavia client cert redeploy (SOC-10873)
- Update to version 9.0+git.1584392355.7368ea3:
* monitor Octavia client certificate (SOC-10873)
Changes in ardana-osconfig:
- Update to version 9.0+git.1586546715.dbd07ab:
* Ensure ovs_user and ovs_group defined (SOC-11149)
Changes in ardana-tempest:
- Update to version 9.0+git.1587398456.b31cc4a:
* Revert: Remove blacklisted octavia test(SOC-11027)
- Update to version 9.0+git.1586901636.089de51:
* Manila: Skip additional manila tests due to Ardana policy (SOC-11211)
- Update to version 9.0+git.1586875796.43d9039:
* Remove blacklisted octavia test(SOC-11027)
- Update to version 9.0+git.1586350084.01a56ee:
* Manila: Skip ShareNetworksTest due to Ardana policy (SOC-11211)
- Update to version 9.0+git.1585746746.8f38be7:
* Remove deprecated neutron extension from tempest (bsc#1124708)
- Update to version 9.0+git.1582537125.359622b:
* Enable port-security feature in tempest(SOC-11027)
Changes in ardana-tls:
- Update to version 9.0+git.1586301209.c9413b4:
* Simplify VNC cert deployment (SOC-9742)
Changes in crowbar-core:
- Update to version 6.0+git.1587558898.313bb9fd3:
* upgrade: Restart nova services at the end of disruptive upgrade (SOC-11202)
- Update to version 6.0+git.1586175344.480d46e76:
* Revert: Add lb-mgmt-net to network.json (SOC-10904)
- Update to version 6.0+git.1585339930.336361e4c:
* Add lb-mgmt-net to network.json (SOC-10904)
- Update to version 6.0+git.1585229942.1ddd6e742:
* upgrade: Point to config dir instead of config file (SOC-11171)
* upgrade: Do not call neutron-evacuate-lbaasv2-agent with use_crm (SOC-11171)
- Update to version 6.0+git.1584974229.c5a263be6:
* Update the default value of OS version (trivial)
* Ignore CVE-2020-5267 in CI (bsc#1167240)
* Ignore CVE-2020-10663 in CI (bsc#1167244)
* upgrade: Remove the assignement of crowbar-upgrade role (SOC-11166)
- Update to version 6.0+git.1584564132.03cfcb5d0:
* Remove comment that's no longer relevant (trivial)
* Move role_to_proposal method from model to controller (trivial)
* upgrade: proper check for remote elements (trivial)
* Remove FIXME proposals that won't be fixed (trivial)
* Drop unused suggestion (trivial)
* Drop obsolete code (trivial)
- Update to version 6.0+git.1583841628.7a9cacf85:
* Ignore CVE-2020-8130 in CI (bsc#1164804)
* Ignore CVE-2020-5247 (bsc#1165402)
* Ignore CVE-2020-7595 in CI (bsc#1161517)
* ses: Make SES UI safe for unknown options (trivial)
* ses: Use cinder user for nova (SOC-5269)
- Update to version 6.0+git.1583502199.abec5c91e:
* upgrade: Raise the timeout for nodes evacuation (trivial)
Changes in crowbar-ha:
- Update to version 6.0+git.1586256059.e6f67e1:
* Hide libvirt STONITH option from the UI (bsc#1084739)
- Update to version 6.0+git.1585316150.ee52acc:
* add ssl termination on haproxy (bsc#1149535)
Changes in crowbar-openstack:
- Update to version 6.0+git.1587753188.da39e44a7:
* tempest: retry openstack commands (SOC-11238)
- Update to version 6.0+git.1587560956.475ebae91:
* nova: Hide setup_shared_instance_storage (SOC-11225)
- Update to version 6.0+git.1587110382.e00bbeeb8:
* octavia: remove mgmt_net from UI (SOC-10904)
- Update to version 6.0+git.1586351116.5977d44ce:
* neutron: fix neutron cli to use internal endpoint (bsc#1168512)
- Update to version 6.0+git.1586249148.97e221138:
* neutron: don't add physnets for non-enabled networks (SOC-11204)
* octavia: move management network creation to octavia barclamp (SOC-10904)
* octavia: move amphora changes check to worker recipe
* octavia: use octavia network for health monitors (SOC-10904)
* octavia: rework emanagement network config (SOC-10904)
- Update to version 6.0+git.1585653227.5004f0a1f:
* Disable 'OpenStack RC File (identity API v2)' in horizon (bsc#1163444)
- Update to version 6.0+git.1585444839.ec56032ca:
* Revert 'Octavia: Hide UI until complete (SOC-10550)'
- Update to version 6.0+git.1585282212.df338c7f6:
* Add lb-mgmt-net for Octavia (SOC-10904)
- Update to version 6.0+git.1585237884.e441a435b:
* fix travis CI to handle reverted commits properly (SOC-11180)
- Update to version 6.0+git.1585143832.fa2fd2714:
* nova: Populate cinder SES settings early (SOC-11179)
- Update to version 6.0+git.1585068621.f53f95864:
* tempest: blacklist shelve tests when using RBD ephemeral (SOC-11176)
* tempest: disable block migration when using RBD (SOC-11176)
- Update to version 6.0+git.1584967542.06b4f7cda:
* magnum: Populate SSL configuration (SOC-9849)
* magnum: Add SSL support (SOC-9849)
- Update to version 6.0+git.1584603207.1dc71c848:
* nova: Drop redundant disk_cachemodes (trivial)
* nova: Add option to disable ephemeral on ceph (SOC-5269)
- Update to version 6.0+git.1584540693.0d3b72090:
* keystone: fix keystone node lookup (SOC-11333, bsc#1164838)
* keystone: Register SES RadosGW endpoints (SOC-5270)
* heat: Increase heat_register syncmark timeout (SOC-11103)
* heat: Simplify domain registration code (SOC-11103)
- Update to version 6.0+git.1584437931.10aebd310:
* nova: Setup CEPH secrets later (SOC-11141)
- Update to version 6.0+git.1584347033.7472a6925:
* nova: Enable ephemeral volumes on SES (SOC-5269)
Changes in memcached:
- version update to 1.5.17
* bugfixes
fix strncpy call in stats conns to avoid ASAN violation (bsc#1149110, CVE-2019-15026)
extstore: fix indentation
add error handling when calling dup function
add unlock when item_cachedump malloc failed
extstore: emulate pread(v) for macOS
fix off-by-one in logger to allow CAS commands to be logged.
use strdup for explicitly configured slab sizes
move mem_requested from slabs.c to items.c (internal cleanup)
* new features
add server address to the 'stats conns' output
log client connection id with fetchers and mutations
Add a handler for seccomp crashes
- version update to 1.5.16
* bugfixes
When nsuffix is 0 space for flags hasn't been allocated so don't memcpy them.
- version update to 1.5.15
* bugfixes
Speed up incr/decr by replacing snprintf.
Use correct buffer size for internal URI encoding.
change some links from http to https
Fix small memory leak in testapp.c.
free window_global in slab_automove_extstore.c
remove inline_ascii_response option
-Y [filename] for ascii authentication mode
fix: idle-timeout wasn't compatible with binprot
* features
-Y [authfile] enables an authentication mode for ASCII protocol.
- modified patches
% memcached-autofoo.patch (refreshed)
- version update to 1.5.14
* update -h output for -I (max item size)
* fix segfault in 'lru' command (bsc#1133817, CVE-2019-11596)
* fix compile error on centos7
* extstore: error adjusting page_size after ext_path
* extstore: fix segfault if page_count is too high.
* close delete + incr item survival race bug
* memcached-tool dump fix loss of exp value
* Fix 'qw' in 'MemcachedTest.pm' so wait_ext_flush is exported properly
* Experimental TLS support.
* Basic implementation of TLS for memcached.
* Improve Get And Touch documentation
* fix INCR/DECR refcount leak for invalid items
- modified patches
% memcached-autofoo.patch (refreshed)
Changes in openstack-ceilometer:
- Update to version ceilometer-11.1.1.dev5:
* [stable-only] Cap stestr for python 2
- Update to version ceilometer-11.1.1.dev3:
11.1.0
* Add availability\_zone attribute to gnocchi instance resources
* Set instance\_type\_id in event traits to be a string
* Fix name of option group removed in Rocky
Changes in openstack-ceilometer:
- Update to version ceilometer-11.1.1.dev5:
* [stable-only] Cap stestr for python 2
- Update to version ceilometer-11.1.1.dev3:
11.1.0
* Add availability\_zone attribute to gnocchi instance resources
* Set instance\_type\_id in event traits to be a string
* Fix name of option group removed in Rocky
Changes in openstack-cinder:
- Update to version cinder-13.0.10.dev9:
* PowerMax Driver - Legacy volume not found
* NEC driver: fix an undefined variable
- Update to version cinder-13.0.10.dev6:
* RBD: fix volume reference handling in clone logic
- Update to version cinder-13.0.10.dev4:
* [Unity] Fix TypeError for test case test\_delete\_host\_wo\_lock
- Update to version cinder-13.0.10.dev3:
* ChunkedBackupDriver: Freeing memory on restore
- Update to version cinder-13.0.10.dev1:
* Don't quote {posargs} in tox.ini
13.0.9
Changes in openstack-cinder:
- Update to version cinder-13.0.10.dev9:
* PowerMax Driver - Legacy volume not found
* NEC driver: fix an undefined variable
- Update to version cinder-13.0.10.dev6:
* RBD: fix volume reference handling in clone logic
- Update to version cinder-13.0.10.dev4:
* [Unity] Fix TypeError for test case test\_delete\_host\_wo\_lock
- Update to version cinder-13.0.10.dev3:
* ChunkedBackupDriver: Freeing memory on restore
- Update to version cinder-13.0.10.dev1:
* Don't quote {posargs} in tox.ini
13.0.9
Changes in openstack-designate:
- Update to version designate-7.0.1.dev25:
* Clean up zone locking
Changes in openstack-designate:
- Update to version designate-7.0.1.dev25:
* Clean up zone locking
Changes in openstack-heat:
- Update to version openstack-heat-11.0.3.dev35:
* Ignore Not Found when deleting Keystone role assignment
* Handle OS::Mistral::Workflow resource replacement properly
Changes in openstack-heat:
- Update to version openstack-heat-11.0.3.dev35:
* Ignore Not Found when deleting Keystone role assignment
* Handle OS::Mistral::Workflow resource replacement properly
Changes in openstack-ironic:
- Update to version ironic-11.1.5.dev3:
* Make deploy step failure logging indicate the error
11.1.4
- Update to version ironic-11.1.4.dev26:
* Remove rocky grenade jobs
* tell reno to ignore the kilo branch
* [stable] consume virtualbmc from pip packages
Changes in openstack-ironic:
- Update to version ironic-11.1.5.dev3:
* Make deploy step failure logging indicate the error
11.1.4
- Update to version ironic-11.1.4.dev26:
* Remove rocky grenade jobs
* tell reno to ignore the kilo branch
* [stable] consume virtualbmc from pip packages
Changes in openstack-ironic-image:
- Add haveged package (bsc#1137622)
It is needed to ensure there's enough entroy available to perform
the iSCSI operations.
Changes in openstack-manila:
- Update to version manila-7.4.2.dev4:
* Increase MANILA\_SERVICE\_VM\_FLAVOR\_DISK
- Update to version manila-7.4.2.dev3:
* If only .pyc exist, the extension API will be disabled
- Update to version manila-7.4.2.dev2:
* Enforce policy checks for share export locations
- Update to version manila-7.4.2.dev1:
* [stable-only] Pin neutron-tempest-plugin to 0.9.0
7.4.1
- Update to version manila-7.4.1.dev2:
* share\_networks: enable project\_only API only
* Fix over-quota exception of snapshot creation
7.4.0
- Update to version manila-7.4.1.dev1:
* Fix over-quota exception of snapshot creation
7.4.0
Changes in openstack-manila:
- Update to version manila-7.4.2.dev4:
* Increase MANILA\_SERVICE\_VM\_FLAVOR\_DISK
- Update to version manila-7.4.2.dev3:
* If only .pyc exist, the extension API will be disabled
- Update to version manila-7.4.2.dev2:
* Enforce policy checks for share export locations
- Update to version manila-7.4.2.dev1:
* [stable-only] Pin neutron-tempest-plugin to 0.9.0
7.4.1
- Rebased patches:
+ cve-2020-9543-stable-rocky.patch dropped (merged upstream)
- Update to version manila-7.4.1.dev2:
* share\_networks: enable project\_only API only
* Fix over-quota exception of snapshot creation
7.4.0
Changes in openstack-neutron:
- Update to version neutron-13.0.8.dev28:
* Prioritize port create and update ready messages
- Update to version neutron-13.0.8.dev26:
* Support iproute2 4.15 in l3\_tc\_lib
- Update to version neutron-13.0.8.dev24:
* Add trunk subports to be one of dvr serviced device owners
- Update to version neutron-13.0.8.dev22:
* Filter by owner SGs when retrieving the SG rules
* Delay HA router transition from 'backup' to 'master'
* Increase waiting time for network rescheduling
* Check dnsmasq process is active when spawned
* Wait before deleting trunk bridges for DPDK vhu
* [DVR] Don't populate unbound ports in router's ARP cache
* Optimize DVR related port DB query
- Update to version neutron-13.0.8.dev9:
* Add bulk IP address assignment to ipam driver
- Update to version neutron-13.0.8.dev7:
* Add accepted egress direct flow
- Update to version neutron-13.0.8.dev6:
* Add VLAN type conntrack direct flow
- Update to version neutron-13.0.8.dev4:
* Use rally-openstack 1.7.0 for stable/rocky
- Update to version neutron-13.0.8.dev3:
* Remove extra header fields in proxied metadata requests
* Ensure that default SG exists during list of SG rules API call
13.0.7
Changes in openstack-neutron:
- Update to version neutron-13.0.8.dev28:
* Prioritize port create and update ready messages
- Update to version neutron-13.0.8.dev26:
* Support iproute2 4.15 in l3\_tc\_lib
- Update to version neutron-13.0.8.dev24:
* Add trunk subports to be one of dvr serviced device owners
- Update to version neutron-13.0.8.dev22:
* Filter by owner SGs when retrieving the SG rules
* Delay HA router transition from 'backup' to 'master'
* Increase waiting time for network rescheduling
* Check dnsmasq process is active when spawned
* Wait before deleting trunk bridges for DPDK vhu
* [DVR] Don't populate unbound ports in router's ARP cache
* Optimize DVR related port DB query
- Update to version neutron-13.0.8.dev9:
* Add bulk IP address assignment to ipam driver
- Update to version neutron-13.0.8.dev7:
* Add accepted egress direct flow
- Update to version neutron-13.0.8.dev6:
* Add VLAN type conntrack direct flow
- Update to version neutron-13.0.8.dev4:
* Use rally-openstack 1.7.0 for stable/rocky
- Update to version neutron-13.0.8.dev3:
* Remove extra header fields in proxied metadata requests
* Ensure that default SG exists during list of SG rules API call
13.0.7
Changes in openstack-nova:
- Update to version nova-18.3.1.dev17:
* Unplug VIFs as part of cleanup of networks
- Update to version nova-18.3.1.dev16:
* Functional test for UnexpectedDeletingTaskStateError
- Update to version nova-18.3.1.dev15:
* nova-live-migration: Wait for n-cpu services to come up after configuring Ceph
* Replace ansible --sudo with --become in live\_migration/hooks scripts
- Update to version nova-18.3.1.dev11:
* Fix os-keypairs pagination links
- Update to version nova-18.3.1.dev9:
* Enhance service restart in functional env
* Fix hypervisors paginted collection\_name
* Avoid circular reference during serialization
- Update to version nova-18.3.1.dev4:
* Remove global state from the FakeDriver
- Update to version nova-18.3.1.dev3:
* Add retry\_on\_deadlock to migration\_update DB API
* libvirt: Ignore DiskNotFound during update\_available\_resource
18.3.0
Changes in openstack-nova:
- Update to version nova-18.3.1.dev17:
* Unplug VIFs as part of cleanup of networks
- Update to version nova-18.3.1.dev16:
* Functional test for UnexpectedDeletingTaskStateError
- Update to version nova-18.3.1.dev15:
* nova-live-migration: Wait for n-cpu services to come up after configuring Ceph
* Replace ansible --sudo with --become in live\_migration/hooks scripts
- Update to version nova-18.3.1.dev11:
* Fix os-keypairs pagination links
- Update to version nova-18.3.1.dev9:
* Enhance service restart in functional env
* Fix hypervisors paginted collection\_name
* Avoid circular reference during serialization
- Update to version nova-18.3.1.dev4:
* Remove global state from the FakeDriver
- Update to version nova-18.3.1.dev3:
* Add retry\_on\_deadlock to migration\_update DB API
* libvirt: Ignore DiskNotFound during update\_available\_resource
18.3.0
Changes in openstack-octavia:
- Update to version octavia-3.2.3.dev2:
* Pick stale amphora randomly
- Update to version octavia-3.2.3.dev1:
* Remove the barbican 'Grant access' from cookbook
3.2.2
- Add patch 0001-HTTPS-HMs-need-the-same-validation-path-as-HTTP.patch (bsc#1165723)
https://review.opendev.org/#/c/710161/
Change-Id: I2fd51664336dca51f134b3fccd3e8c936b809839
Changes in openstack-octavia-amphora-image:
- Update image to 0.1.3 to include latest changes
Changes in python-cinderclient:
- update to version 4.0.3
- Add missed 'Server ID' output in attachment-list
Changes in python-glanceclient:
- update to version 2.13.2
- OpenDev Migration Patch
Changes in python-ironic-lib:
- update to version 2.14.3
- Use last digit to determine paritition naming scheme
- Erase expected GPT locations in metadata wipe
- Rescan after making partition changes
Changes in python-ironicclient:
- update to version 2.5.4
- fix session cert arguments
Changes in python-keystonemiddleware:
- update to version 5.2.2
- Make tests pass in 2022
- Make sure audit middleware use own context
Changes in python-manila-tempest-plugin:
- added 0002-Fix-export-locations-tests.patch
Changes in python-novaclient:
- update to version 11.0.1
- Add test for console-log and docs for bug 1746534
- Use SHA256 instead of MD5 in completion cache
- Improve the description of optional arguments
- Revert 'Fix crashing console-log'
- Fix up userdata argument to rebuild.
- OpenDev Migration Patch
- Stop silently ignoring invalid 'nova boot --hint' options
- Add missing options in CLI reference
- import zuul job settings from project-config
- Update .gitreview for stable/rocky
- Replace openstack.org git:// URLs with https://
- Update UPPER_CONSTRAINTS_FILE for stable/rocky
- Follow up 'Fix up userdata argument to rebuild'
Changes in python-octaviaclient:
- update to version 1.6.2
- Fix long CLI error messages
- Update tox.ini for new upper constraints strategy
Changes in python-openstackclient:
- update to version 3.16.3
- Fix bug in endpoint group deletion
- OpenDev Migration Patch
- Fix: Restore output 'VolumeBackupsRestore' object is not iterable
- Stable branch combination fix
- Add --name-lookup-one-by-one option to server list
- Fix BFV server list handling with --name-lookup-one-by-one
- Fix compute service set handling for 2.53+
- Don't display router's is_ha and is_distributed attributes always
- Document 2.53 behavior for compute service list/delete
- Remove str() when setting network objects names
Changes in python-os-brick:
- update to version 2.5.10
- Check path alive before get scsi wwn
- Skip cryptsetup password quality checking
- iscsi: Add _get_device_link retry when waiting for /dev/disk/by-id/ to populate
- linuxscsi: Stop waiting for multipath devices during extend_volume
- Handle None value 'inititator_target_map'
- Fix FC scan too broad
- Ignore pep8 W503/W504
Changes in python-oslo.config:
- update to version 6.4.2
- Use constraints when building docs
- Ensure option groups don't change during logging
- OpenDev Migration Patch
Changes in python-oslo.rootwrap:
- update to version 5.14.2
- Run rootwrap with lower fd ulimit by default
- Update UPPER_CONSTRAINTS_FILE for stable/rocky
- import zuul job settings from project-config
- Update .gitreview for stable/rocky
- OpenDev Migration Patch
Changes in python-oslo.utils:
- update to version 3.36.5
- import zuul job settings from project-config
- Update UPPER_CONSTRAINTS_FILE for stable/rocky
- Make mask_dict_password case insensitive and add new patterns
- Update .gitreview for stable/rocky
- OpenDev Migration Patch
- Make mask_password case insensitive, and add new patterns
- Mask encryption_key_id
Changes in python-swiftclient:
- update to version 3.6.1
- OpenDev Migration Patch
- Fix SLO re-upload
- Update .gitreview for stable/rocky
- Changelog for 3.6.1
- import zuul job settings from project-config
- Fix up stable gate
- Use Swift's in-tree DSVM test
Changes in python-watcherclient:
- update to version 2.1.1
- Update .gitreview for stable/rocky
- OpenDev Migration Patch
- Update UPPER_CONSTRAINTS_FILE for stable/rocky
- import zuul job settings from project-config
- Replace openstack.org git:// URLs with https://
- fix watcher actionplan show command
Changes in release-notes-suse-openstack-cloud:
- Update to version 9.20200319:
* Update release notes to indicate Designate support has shipped
Changes in zookeeper:
- Apply 0002-Apply-patch-to-resolve-CVE-2019-0201.patch
This applies the patch for ZOOKEEPER-1392 to resolve CVE-2019-0201
Should not allow to read ACL when not authorized to read node
(bsc#1135773)
Patchnames
SUSE-2020-1190,SUSE-OpenStack-Cloud-9-2020-1190,SUSE-OpenStack-Cloud-Crowbar-9-2020-1190
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for ardana-ansible, ardana-barbican, ardana-cluster, ardana-db, ardana-designate, ardana-input-model, ardana-logging, ardana-monasca, ardana-mq, ardana-neutron, ardana-octavia, ardana-osconfig, ardana-tempest, ardana-tls, crowbar-core, crowbar-ha, crowbar-openstack, memcached, openstack-ceilometer, openstack-cinder, openstack-designate, openstack-heat, openstack-ironic, openstack-ironic-image, openstack-manila, openstack-neutron, openstack-nova, openstack-octavia, openstack-octavia-amphora-image, python-cinderclient, python-glanceclient, python-ironic-lib, python-ironicclient, python-keystonemiddleware, python-manila-tempest-plugin, python-novaclient, python-octaviaclient, python-openstackclient, python-os-brick, python-oslo.config, python-oslo.rootwrap, python-oslo.utils, python-swiftclient, python-watcherclient, release-notes-suse-openstack-cloud, rubygem-crowbar-client, rubygem-puma, zookeeper", title: "Title of the patch", }, { category: "description", text: "This update for ardana-ansible, ardana-barbican, ardana-cluster, ardana-db, ardana-designate, ardana-input-model, ardana-logging, ardana-monasca, ardana-mq, ardana-neutron, ardana-octavia, ardana-osconfig, ardana-tempest, ardana-tls, crowbar-core, crowbar-ha, crowbar-openstack, memcached, openstack-ceilometer, openstack-cinder, openstack-designate, openstack-heat, openstack-ironic, openstack-ironic-image, openstack-manila, openstack-neutron, openstack-nova, openstack-octavia, openstack-octavia-amphora-image, python-cinderclient, python-glanceclient, python-ironic-lib, python-ironicclient, python-keystonemiddleware, python-manila-tempest-plugin, python-novaclient, python-octaviaclient, python-openstackclient, python-os-brick, python-oslo.config, python-oslo.rootwrap, python-oslo.utils, python-swiftclient, python-watcherclient, release-notes-suse-openstack-cloud, rubygem-crowbar-client, rubygem-puma, zookeeper contains the following fixes:\n\nSecurity fixes for memcached:\n- CVE-2019-15026: Fixed a stack-based buffer over-read in conn_to_str() (bsc#1149110).\n- CVE-2019-11596: Fixed a denial of service when parsing crafted lru command messages in process_lru_comma() (bsc#1133817).\n\nSecurity fixes for zookeeper:\n- CVE-2019-0201: Fixed a information disclosure vulnerability related to getACL() (bsc#1135773).\n\nChanges in rubygem-crowbar-client:\n- Update to 3.9.2\n - Enable SES commands in Cloud8 (SOC-11122)\n\nChanges in rubygem-puma:\n- Add CVE-2020-5247.patch (bsc#1165402)\n 'Fixes a problem where we were not splitting newlines in headers\n according to Rack spec'\n The patch is reduced compared to the upstream version, which was\n patching also the parts that are not implemented in our old Puma\n version. This applies to unit test as well.\n\nChanges in ardana-ansible:\n- Update to version 9.0+git.1587034359.a12678b:\n * Include SLE 12 SP3 LTSS repos in list of managed repos (SOC-11223)\n\n- Update to version 9.0+git.1586793433.f7bbf1b:\n * Ensure rabbitmq-server not running during dist-upgrade (SOC-11083)\n\n- Update to version 9.0+git.1586521995.f709c73:\n * Upgrade packages before _osconfig-upgrade.yml (SOC-11149)\n\n- Update to version 9.0+git.1584135277.f4d488a:\n * Serialise the _ardana-update-base.yml zypper actions (SOC-11083)\n\n- Update to version 9.0+git.1583518616.d4eb33f:\n * Upgrade pre-checks in Cloud 8 and Cloud 9 (SOC-10300)\n\nChanges in ardana-barbican:\n- Update to version 9.0+git.1583953599.cd723bb:\n * monitor ardana-node-cert (SOC-10873)\n\nChanges in ardana-cluster:\n- Update to version 9.0+git.1585653734.c1fe3b2:\n * Use bool filter to ensure valid boolean evaluation (SOC-11192)\n\nChanges in ardana-db:\n- Update to version 9.0+git.1586543314.6b6aa20:\n * Improve boostrap error handling (SOC-11207)\n\n- Update to version 9.0+git.1583946648.0892bab:\n * monitor MySQL TLS certificate (SOC-10873)\n\n- Update to version 9.0+git.1583527362.d9e9436:\n * fix mysql output and root password update (SOC-11152)\n\nChanges in ardana-designate:\n- Update to version 9.0+git.1583445435.4bd1793:\n * Designate zone/pool to worker/producer migration (SOC-10095)\n\nChanges in ardana-input-model:\n- Update to version 9.0+git.1584632190.9541c56:\n * add port neutron security extension to CI models (SOC-11027)\n\nChanges in ardana-logging:\n- Update to version 9.0+git.1585929695.f35b591:\n * Fix YAMLLoadWarning: calling yaml.load() without Loader (bsc#1168593)\n\nChanges in ardana-monasca:\n- Update to version 9.0+git.1586769889.d43d736:\n * Retry systemctl status for auto-restarting services (SOC-11210)\n\n- Update to version 9.0+git.1583359379.b92a013:\n * Add certificate file check alarm (SOC-10873)\n\nChanges in ardana-mq:\n- Update to version 9.0+git.1586350749.a463fd2:\n * Actually fail if sync HA queues retries exceeded (SOC-11083)\n\n- Update to version 9.0+git.1583428243.c1a72a8:\n * monitor RabbitMQ TLS certificate (SOC-10873)\n\nChanges in ardana-neutron:\n- Update to version 9.0+git.1587667603.507fb50:\n * Add network.target 'After' option (bsc#1169770)\n\n- Update to version 9.0+git.1584635234.e7e6b08:\n * Add symlink for neutron-fwaas.json.j2 (bsc#1166290)\n\nChanges in ardana-octavia:\n- Update to version 9.0+git.1587486004.8e99c6b:\n * Perform Neutron to Octavia migrate (SOC-11207)\n\n- Update to version 9.0+git.1584737314.873b84c:\n * Reconfigure monitor if needed (SOC-10873)\n\n- Update to version 9.0+git.1584682274.4693189:\n * fix Octavia client cert redeploy (SOC-10873)\n\n- Update to version 9.0+git.1584392355.7368ea3:\n * monitor Octavia client certificate (SOC-10873)\n\nChanges in ardana-osconfig:\n- Update to version 9.0+git.1586546715.dbd07ab:\n * Ensure ovs_user and ovs_group defined (SOC-11149)\n\nChanges in ardana-tempest:\n- Update to version 9.0+git.1587398456.b31cc4a:\n * Revert: Remove blacklisted octavia test(SOC-11027)\n\n- Update to version 9.0+git.1586901636.089de51:\n * Manila: Skip additional manila tests due to Ardana policy (SOC-11211)\n\n- Update to version 9.0+git.1586875796.43d9039:\n * Remove blacklisted octavia test(SOC-11027)\n\n- Update to version 9.0+git.1586350084.01a56ee:\n * Manila: Skip ShareNetworksTest due to Ardana policy (SOC-11211)\n\n- Update to version 9.0+git.1585746746.8f38be7:\n * Remove deprecated neutron extension from tempest (bsc#1124708)\n\n- Update to version 9.0+git.1582537125.359622b:\n * Enable port-security feature in tempest(SOC-11027)\n\nChanges in ardana-tls:\n- Update to version 9.0+git.1586301209.c9413b4:\n * Simplify VNC cert deployment (SOC-9742)\n\nChanges in crowbar-core:\n- Update to version 6.0+git.1587558898.313bb9fd3:\n * upgrade: Restart nova services at the end of disruptive upgrade (SOC-11202)\n\n- Update to version 6.0+git.1586175344.480d46e76:\n * Revert: Add lb-mgmt-net to network.json (SOC-10904)\n\n- Update to version 6.0+git.1585339930.336361e4c:\n * Add lb-mgmt-net to network.json (SOC-10904)\n\n- Update to version 6.0+git.1585229942.1ddd6e742:\n * upgrade: Point to config dir instead of config file (SOC-11171)\n * upgrade: Do not call neutron-evacuate-lbaasv2-agent with use_crm (SOC-11171)\n\n- Update to version 6.0+git.1584974229.c5a263be6:\n * Update the default value of OS version (trivial)\n * Ignore CVE-2020-5267 in CI (bsc#1167240)\n * Ignore CVE-2020-10663 in CI (bsc#1167244)\n * upgrade: Remove the assignement of crowbar-upgrade role (SOC-11166)\n\n- Update to version 6.0+git.1584564132.03cfcb5d0:\n * Remove comment that's no longer relevant (trivial)\n * Move role_to_proposal method from model to controller (trivial)\n * upgrade: proper check for remote elements (trivial)\n * Remove FIXME proposals that won't be fixed (trivial)\n * Drop unused suggestion (trivial)\n * Drop obsolete code (trivial)\n\n- Update to version 6.0+git.1583841628.7a9cacf85:\n * Ignore CVE-2020-8130 in CI (bsc#1164804)\n * Ignore CVE-2020-5247 (bsc#1165402)\n * Ignore CVE-2020-7595 in CI (bsc#1161517)\n * ses: Make SES UI safe for unknown options (trivial)\n * ses: Use cinder user for nova (SOC-5269)\n\n- Update to version 6.0+git.1583502199.abec5c91e:\n * upgrade: Raise the timeout for nodes evacuation (trivial)\n\nChanges in crowbar-ha:\n- Update to version 6.0+git.1586256059.e6f67e1:\n * Hide libvirt STONITH option from the UI (bsc#1084739)\n\n- Update to version 6.0+git.1585316150.ee52acc:\n * add ssl termination on haproxy (bsc#1149535)\n\nChanges in crowbar-openstack:\n- Update to version 6.0+git.1587753188.da39e44a7:\n * tempest: retry openstack commands (SOC-11238)\n\n- Update to version 6.0+git.1587560956.475ebae91:\n * nova: Hide setup_shared_instance_storage (SOC-11225)\n\n- Update to version 6.0+git.1587110382.e00bbeeb8:\n * octavia: remove mgmt_net from UI (SOC-10904)\n\n- Update to version 6.0+git.1586351116.5977d44ce:\n * neutron: fix neutron cli to use internal endpoint (bsc#1168512)\n\n- Update to version 6.0+git.1586249148.97e221138:\n * neutron: don't add physnets for non-enabled networks (SOC-11204)\n * octavia: move management network creation to octavia barclamp (SOC-10904)\n * octavia: move amphora changes check to worker recipe\n * octavia: use octavia network for health monitors (SOC-10904)\n * octavia: rework emanagement network config (SOC-10904)\n\n- Update to version 6.0+git.1585653227.5004f0a1f:\n * Disable 'OpenStack RC File (identity API v2)' in horizon (bsc#1163444)\n\n- Update to version 6.0+git.1585444839.ec56032ca:\n * Revert 'Octavia: Hide UI until complete (SOC-10550)'\n\n- Update to version 6.0+git.1585282212.df338c7f6:\n * Add lb-mgmt-net for Octavia (SOC-10904)\n\n- Update to version 6.0+git.1585237884.e441a435b:\n * fix travis CI to handle reverted commits properly (SOC-11180)\n\n- Update to version 6.0+git.1585143832.fa2fd2714:\n * nova: Populate cinder SES settings early (SOC-11179)\n\n- Update to version 6.0+git.1585068621.f53f95864:\n * tempest: blacklist shelve tests when using RBD ephemeral (SOC-11176)\n * tempest: disable block migration when using RBD (SOC-11176)\n\n- Update to version 6.0+git.1584967542.06b4f7cda:\n * magnum: Populate SSL configuration (SOC-9849)\n * magnum: Add SSL support (SOC-9849)\n\n- Update to version 6.0+git.1584603207.1dc71c848:\n * nova: Drop redundant disk_cachemodes (trivial)\n * nova: Add option to disable ephemeral on ceph (SOC-5269)\n\n- Update to version 6.0+git.1584540693.0d3b72090:\n * keystone: fix keystone node lookup (SOC-11333, bsc#1164838)\n * keystone: Register SES RadosGW endpoints (SOC-5270)\n * heat: Increase heat_register syncmark timeout (SOC-11103)\n * heat: Simplify domain registration code (SOC-11103)\n\n- Update to version 6.0+git.1584437931.10aebd310:\n * nova: Setup CEPH secrets later (SOC-11141)\n\n- Update to version 6.0+git.1584347033.7472a6925:\n * nova: Enable ephemeral volumes on SES (SOC-5269)\n\nChanges in memcached:\n- version update to 1.5.17\n * bugfixes\n fix strncpy call in stats conns to avoid ASAN violation (bsc#1149110, CVE-2019-15026)\n extstore: fix indentation\n add error handling when calling dup function\n add unlock when item_cachedump malloc failed\n extstore: emulate pread(v) for macOS\n fix off-by-one in logger to allow CAS commands to be logged.\n use strdup for explicitly configured slab sizes\n move mem_requested from slabs.c to items.c (internal cleanup)\n * new features\n add server address to the 'stats conns' output\n log client connection id with fetchers and mutations\n Add a handler for seccomp crashes\n- version update to 1.5.16\n * bugfixes\n When nsuffix is 0 space for flags hasn't been allocated so don't memcpy them.\n- version update to 1.5.15\n * bugfixes\n Speed up incr/decr by replacing snprintf.\n Use correct buffer size for internal URI encoding.\n change some links from http to https\n Fix small memory leak in testapp.c.\n free window_global in slab_automove_extstore.c\n remove inline_ascii_response option\n -Y [filename] for ascii authentication mode\n fix: idle-timeout wasn't compatible with binprot\n * features\n -Y [authfile] enables an authentication mode for ASCII protocol.\n- modified patches\n % memcached-autofoo.patch (refreshed)\n\n- version update to 1.5.14\n * update -h output for -I (max item size)\n * fix segfault in 'lru' command (bsc#1133817, CVE-2019-11596)\n * fix compile error on centos7\n * extstore: error adjusting page_size after ext_path\n * extstore: fix segfault if page_count is too high.\n * close delete + incr item survival race bug\n * memcached-tool dump fix loss of exp value\n * Fix 'qw' in 'MemcachedTest.pm' so wait_ext_flush is exported properly\n * Experimental TLS support.\n * Basic implementation of TLS for memcached.\n * Improve Get And Touch documentation\n * fix INCR/DECR refcount leak for invalid items\n- modified patches\n % memcached-autofoo.patch (refreshed)\n\nChanges in openstack-ceilometer:\n- Update to version ceilometer-11.1.1.dev5:\n * [stable-only] Cap stestr for python 2\n\n- Update to version ceilometer-11.1.1.dev3:\n 11.1.0\n * Add availability\\_zone attribute to gnocchi instance resources\n * Set instance\\_type\\_id in event traits to be a string\n * Fix name of option group removed in Rocky\n\nChanges in openstack-ceilometer:\n- Update to version ceilometer-11.1.1.dev5:\n * [stable-only] Cap stestr for python 2\n\n- Update to version ceilometer-11.1.1.dev3:\n 11.1.0\n * Add availability\\_zone attribute to gnocchi instance resources\n * Set instance\\_type\\_id in event traits to be a string\n * Fix name of option group removed in Rocky\n\nChanges in openstack-cinder:\n- Update to version cinder-13.0.10.dev9:\n * PowerMax Driver - Legacy volume not found\n * NEC driver: fix an undefined variable\n\n- Update to version cinder-13.0.10.dev6:\n * RBD: fix volume reference handling in clone logic\n\n- Update to version cinder-13.0.10.dev4:\n * [Unity] Fix TypeError for test case test\\_delete\\_host\\_wo\\_lock\n\n- Update to version cinder-13.0.10.dev3:\n * ChunkedBackupDriver: Freeing memory on restore\n\n- Update to version cinder-13.0.10.dev1:\n * Don't quote {posargs} in tox.ini\n 13.0.9\n\nChanges in openstack-cinder:\n- Update to version cinder-13.0.10.dev9:\n * PowerMax Driver - Legacy volume not found\n * NEC driver: fix an undefined variable\n\n- Update to version cinder-13.0.10.dev6:\n * RBD: fix volume reference handling in clone logic\n\n- Update to version cinder-13.0.10.dev4:\n * [Unity] Fix TypeError for test case test\\_delete\\_host\\_wo\\_lock\n\n- Update to version cinder-13.0.10.dev3:\n * ChunkedBackupDriver: Freeing memory on restore\n\n- Update to version cinder-13.0.10.dev1:\n * Don't quote {posargs} in tox.ini\n 13.0.9\n\nChanges in openstack-designate:\n- Update to version designate-7.0.1.dev25:\n * Clean up zone locking\n\nChanges in openstack-designate:\n- Update to version designate-7.0.1.dev25:\n * Clean up zone locking\n\nChanges in openstack-heat:\n- Update to version openstack-heat-11.0.3.dev35:\n * Ignore Not Found when deleting Keystone role assignment\n * Handle OS::Mistral::Workflow resource replacement properly\n\nChanges in openstack-heat:\n- Update to version openstack-heat-11.0.3.dev35:\n * Ignore Not Found when deleting Keystone role assignment\n * Handle OS::Mistral::Workflow resource replacement properly\n\nChanges in openstack-ironic:\n- Update to version ironic-11.1.5.dev3:\n * Make deploy step failure logging indicate the error\n 11.1.4\n\n- Update to version ironic-11.1.4.dev26:\n * Remove rocky grenade jobs\n * tell reno to ignore the kilo branch\n * [stable] consume virtualbmc from pip packages\n\nChanges in openstack-ironic:\n- Update to version ironic-11.1.5.dev3:\n * Make deploy step failure logging indicate the error\n 11.1.4\n\n- Update to version ironic-11.1.4.dev26:\n * Remove rocky grenade jobs\n * tell reno to ignore the kilo branch\n * [stable] consume virtualbmc from pip packages\n\nChanges in openstack-ironic-image:\n- Add haveged package (bsc#1137622)\n It is needed to ensure there's enough entroy available to perform\n the iSCSI operations.\n\nChanges in openstack-manila:\n- Update to version manila-7.4.2.dev4:\n * Increase MANILA\\_SERVICE\\_VM\\_FLAVOR\\_DISK\n\n- Update to version manila-7.4.2.dev3:\n * If only .pyc exist, the extension API will be disabled\n\n- Update to version manila-7.4.2.dev2:\n * Enforce policy checks for share export locations\n\n- Update to version manila-7.4.2.dev1:\n * [stable-only] Pin neutron-tempest-plugin to 0.9.0\n 7.4.1\n\n- Update to version manila-7.4.1.dev2:\n * share\\_networks: enable project\\_only API only\n * Fix over-quota exception of snapshot creation\n 7.4.0\n\n- Update to version manila-7.4.1.dev1:\n * Fix over-quota exception of snapshot creation\n 7.4.0\n\nChanges in openstack-manila:\n- Update to version manila-7.4.2.dev4:\n * Increase MANILA\\_SERVICE\\_VM\\_FLAVOR\\_DISK\n\n- Update to version manila-7.4.2.dev3:\n * If only .pyc exist, the extension API will be disabled\n\n- Update to version manila-7.4.2.dev2:\n * Enforce policy checks for share export locations\n\n- Update to version manila-7.4.2.dev1:\n * [stable-only] Pin neutron-tempest-plugin to 0.9.0\n 7.4.1\n\n- Rebased patches:\n + cve-2020-9543-stable-rocky.patch dropped (merged upstream)\n\n- Update to version manila-7.4.1.dev2:\n * share\\_networks: enable project\\_only API only\n * Fix over-quota exception of snapshot creation\n 7.4.0\n\nChanges in openstack-neutron:\n- Update to version neutron-13.0.8.dev28:\n * Prioritize port create and update ready messages\n\n- Update to version neutron-13.0.8.dev26:\n * Support iproute2 4.15 in l3\\_tc\\_lib\n\n- Update to version neutron-13.0.8.dev24:\n * Add trunk subports to be one of dvr serviced device owners\n\n- Update to version neutron-13.0.8.dev22:\n * Filter by owner SGs when retrieving the SG rules\n * Delay HA router transition from 'backup' to 'master'\n * Increase waiting time for network rescheduling\n * Check dnsmasq process is active when spawned\n * Wait before deleting trunk bridges for DPDK vhu\n * [DVR] Don't populate unbound ports in router's ARP cache\n * Optimize DVR related port DB query\n\n- Update to version neutron-13.0.8.dev9:\n * Add bulk IP address assignment to ipam driver\n\n- Update to version neutron-13.0.8.dev7:\n * Add accepted egress direct flow\n\n- Update to version neutron-13.0.8.dev6:\n * Add VLAN type conntrack direct flow\n\n- Update to version neutron-13.0.8.dev4:\n * Use rally-openstack 1.7.0 for stable/rocky\n\n- Update to version neutron-13.0.8.dev3:\n * Remove extra header fields in proxied metadata requests\n * Ensure that default SG exists during list of SG rules API call\n 13.0.7\n\nChanges in openstack-neutron:\n- Update to version neutron-13.0.8.dev28:\n * Prioritize port create and update ready messages\n\n- Update to version neutron-13.0.8.dev26:\n * Support iproute2 4.15 in l3\\_tc\\_lib\n\n- Update to version neutron-13.0.8.dev24:\n * Add trunk subports to be one of dvr serviced device owners\n\n- Update to version neutron-13.0.8.dev22:\n * Filter by owner SGs when retrieving the SG rules\n * Delay HA router transition from 'backup' to 'master'\n * Increase waiting time for network rescheduling\n * Check dnsmasq process is active when spawned\n * Wait before deleting trunk bridges for DPDK vhu\n * [DVR] Don't populate unbound ports in router's ARP cache\n * Optimize DVR related port DB query\n\n- Update to version neutron-13.0.8.dev9:\n * Add bulk IP address assignment to ipam driver\n\n- Update to version neutron-13.0.8.dev7:\n * Add accepted egress direct flow\n\n- Update to version neutron-13.0.8.dev6:\n * Add VLAN type conntrack direct flow\n\n- Update to version neutron-13.0.8.dev4:\n * Use rally-openstack 1.7.0 for stable/rocky\n\n- Update to version neutron-13.0.8.dev3:\n * Remove extra header fields in proxied metadata requests\n * Ensure that default SG exists during list of SG rules API call\n 13.0.7\n\nChanges in openstack-nova:\n- Update to version nova-18.3.1.dev17:\n * Unplug VIFs as part of cleanup of networks\n\n- Update to version nova-18.3.1.dev16:\n * Functional test for UnexpectedDeletingTaskStateError\n\n- Update to version nova-18.3.1.dev15:\n * nova-live-migration: Wait for n-cpu services to come up after configuring Ceph\n * Replace ansible --sudo with --become in live\\_migration/hooks scripts\n\n- Update to version nova-18.3.1.dev11:\n * Fix os-keypairs pagination links\n\n- Update to version nova-18.3.1.dev9:\n * Enhance service restart in functional env\n * Fix hypervisors paginted collection\\_name\n * Avoid circular reference during serialization\n\n- Update to version nova-18.3.1.dev4:\n * Remove global state from the FakeDriver\n\n- Update to version nova-18.3.1.dev3:\n * Add retry\\_on\\_deadlock to migration\\_update DB API\n * libvirt: Ignore DiskNotFound during update\\_available\\_resource\n 18.3.0\n\nChanges in openstack-nova:\n- Update to version nova-18.3.1.dev17:\n * Unplug VIFs as part of cleanup of networks\n\n- Update to version nova-18.3.1.dev16:\n * Functional test for UnexpectedDeletingTaskStateError\n\n- Update to version nova-18.3.1.dev15:\n * nova-live-migration: Wait for n-cpu services to come up after configuring Ceph\n * Replace ansible --sudo with --become in live\\_migration/hooks scripts\n\n- Update to version nova-18.3.1.dev11:\n * Fix os-keypairs pagination links\n\n- Update to version nova-18.3.1.dev9:\n * Enhance service restart in functional env\n * Fix hypervisors paginted collection\\_name\n * Avoid circular reference during serialization\n\n- Update to version nova-18.3.1.dev4:\n * Remove global state from the FakeDriver\n\n- Update to version nova-18.3.1.dev3:\n * Add retry\\_on\\_deadlock to migration\\_update DB API\n * libvirt: Ignore DiskNotFound during update\\_available\\_resource\n 18.3.0\n\nChanges in openstack-octavia:\n- Update to version octavia-3.2.3.dev2:\n * Pick stale amphora randomly\n\n- Update to version octavia-3.2.3.dev1:\n * Remove the barbican 'Grant access' from cookbook\n 3.2.2\n\n- Add patch 0001-HTTPS-HMs-need-the-same-validation-path-as-HTTP.patch (bsc#1165723)\n https://review.opendev.org/#/c/710161/\n Change-Id: I2fd51664336dca51f134b3fccd3e8c936b809839\n\nChanges in openstack-octavia-amphora-image:\n- Update image to 0.1.3 to include latest changes\n\nChanges in python-cinderclient:\n- update to version 4.0.3\n - Add missed 'Server ID' output in attachment-list\n\nChanges in python-glanceclient:\n- update to version 2.13.2\n - OpenDev Migration Patch\n\nChanges in python-ironic-lib:\n- update to version 2.14.3\n - Use last digit to determine paritition naming scheme\n - Erase expected GPT locations in metadata wipe\n - Rescan after making partition changes\n\nChanges in python-ironicclient:\n- update to version 2.5.4\n - fix session cert arguments\n\nChanges in python-keystonemiddleware:\n- update to version 5.2.2\n - Make tests pass in 2022\n - Make sure audit middleware use own context\n\nChanges in python-manila-tempest-plugin:\n- added 0002-Fix-export-locations-tests.patch\n\nChanges in python-novaclient:\n- update to version 11.0.1\n - Add test for console-log and docs for bug 1746534\n - Use SHA256 instead of MD5 in completion cache\n - Improve the description of optional arguments\n - Revert 'Fix crashing console-log'\n - Fix up userdata argument to rebuild.\n - OpenDev Migration Patch\n - Stop silently ignoring invalid 'nova boot --hint' options\n - Add missing options in CLI reference\n - import zuul job settings from project-config\n - Update .gitreview for stable/rocky\n - Replace openstack.org git:// URLs with https://\n - Update UPPER_CONSTRAINTS_FILE for stable/rocky\n - Follow up 'Fix up userdata argument to rebuild'\n\nChanges in python-octaviaclient:\n- update to version 1.6.2\n - Fix long CLI error messages\n - Update tox.ini for new upper constraints strategy\n\nChanges in python-openstackclient:\n- update to version 3.16.3\n - Fix bug in endpoint group deletion\n - OpenDev Migration Patch\n - Fix: Restore output 'VolumeBackupsRestore' object is not iterable\n - Stable branch combination fix\n - Add --name-lookup-one-by-one option to server list\n - Fix BFV server list handling with --name-lookup-one-by-one\n - Fix compute service set handling for 2.53+\n - Don't display router's is_ha and is_distributed attributes always\n - Document 2.53 behavior for compute service list/delete\n - Remove str() when setting network objects names\n\nChanges in python-os-brick:\n- update to version 2.5.10\n - Check path alive before get scsi wwn\n - Skip cryptsetup password quality checking\n - iscsi: Add _get_device_link retry when waiting for /dev/disk/by-id/ to populate\n - linuxscsi: Stop waiting for multipath devices during extend_volume\n - Handle None value 'inititator_target_map'\n - Fix FC scan too broad\n - Ignore pep8 W503/W504\n\nChanges in python-oslo.config:\n- update to version 6.4.2\n - Use constraints when building docs\n - Ensure option groups don't change during logging\n - OpenDev Migration Patch\n\nChanges in python-oslo.rootwrap:\n- update to version 5.14.2\n - Run rootwrap with lower fd ulimit by default\n - Update UPPER_CONSTRAINTS_FILE for stable/rocky\n - import zuul job settings from project-config\n - Update .gitreview for stable/rocky\n - OpenDev Migration Patch\n\nChanges in python-oslo.utils:\n- update to version 3.36.5\n - import zuul job settings from project-config\n - Update UPPER_CONSTRAINTS_FILE for stable/rocky\n - Make mask_dict_password case insensitive and add new patterns\n - Update .gitreview for stable/rocky\n - OpenDev Migration Patch\n - Make mask_password case insensitive, and add new patterns\n - Mask encryption_key_id\n\nChanges in python-swiftclient:\n- update to version 3.6.1\n - OpenDev Migration Patch\n - Fix SLO re-upload\n - Update .gitreview for stable/rocky\n - Changelog for 3.6.1\n - import zuul job settings from project-config\n - Fix up stable gate\n - Use Swift's in-tree DSVM test\n\nChanges in python-watcherclient:\n- update to version 2.1.1\n - Update .gitreview for stable/rocky\n - OpenDev Migration Patch\n - Update UPPER_CONSTRAINTS_FILE for stable/rocky\n - import zuul job settings from project-config\n - Replace openstack.org git:// URLs with https://\n - fix watcher actionplan show command\n\nChanges in release-notes-suse-openstack-cloud:\n- Update to version 9.20200319:\n * Update release notes to indicate Designate support has shipped\n\nChanges in zookeeper:\n- Apply 0002-Apply-patch-to-resolve-CVE-2019-0201.patch\n This applies the patch for ZOOKEEPER-1392 to resolve CVE-2019-0201\n Should not allow to read ACL when not authorized to read node \n (bsc#1135773)\n ", title: "Description of the patch", }, { category: "details", text: "SUSE-2020-1190,SUSE-OpenStack-Cloud-9-2020-1190,SUSE-OpenStack-Cloud-Crowbar-9-2020-1190", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_1190-1.json", }, { category: "self", summary: "URL for SUSE-SU-2020:1190-1", url: "https://www.suse.com/support/update/announcement/2020/suse-su-20201190-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2020:1190-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2020-May/006781.html", }, { category: "self", summary: "SUSE Bug 1084739", url: "https://bugzilla.suse.com/1084739", }, { category: "self", summary: "SUSE Bug 1124708", url: "https://bugzilla.suse.com/1124708", }, { category: "self", summary: "SUSE Bug 1133817", url: "https://bugzilla.suse.com/1133817", }, { category: "self", summary: "SUSE Bug 1135773", url: "https://bugzilla.suse.com/1135773", }, { category: "self", summary: "SUSE Bug 1137622", url: "https://bugzilla.suse.com/1137622", }, { category: "self", summary: "SUSE Bug 1149110", url: "https://bugzilla.suse.com/1149110", }, { category: "self", summary: "SUSE Bug 1149535", url: "https://bugzilla.suse.com/1149535", }, { category: "self", summary: "SUSE Bug 1163444", url: "https://bugzilla.suse.com/1163444", }, { category: "self", summary: "SUSE Bug 1164838", url: "https://bugzilla.suse.com/1164838", }, { category: "self", summary: "SUSE Bug 1165402", url: "https://bugzilla.suse.com/1165402", }, { category: "self", summary: "SUSE Bug 1165723", url: "https://bugzilla.suse.com/1165723", }, { category: "self", summary: "SUSE Bug 1166290", url: "https://bugzilla.suse.com/1166290", }, { category: "self", summary: "SUSE Bug 1168512", url: "https://bugzilla.suse.com/1168512", }, { category: "self", summary: "SUSE Bug 1168593", url: "https://bugzilla.suse.com/1168593", }, { category: "self", summary: "SUSE Bug 1169770", url: "https://bugzilla.suse.com/1169770", }, { category: "self", summary: "SUSE CVE CVE-2019-0201 page", url: "https://www.suse.com/security/cve/CVE-2019-0201/", }, { category: "self", summary: "SUSE CVE CVE-2019-11596 page", url: "https://www.suse.com/security/cve/CVE-2019-11596/", }, { category: "self", summary: "SUSE CVE CVE-2019-15026 page", url: "https://www.suse.com/security/cve/CVE-2019-15026/", }, { category: "self", summary: "SUSE CVE CVE-2020-5247 page", url: "https://www.suse.com/security/cve/CVE-2020-5247/", }, { category: "self", summary: "SUSE CVE CVE-2020-9543 page", url: "https://www.suse.com/security/cve/CVE-2020-9543/", }, ], title: "Security update for ardana-ansible, ardana-barbican, ardana-cluster, ardana-db, ardana-designate, ardana-input-model, ardana-logging, ardana-monasca, ardana-mq, ardana-neutron, ardana-octavia, ardana-osconfig, ardana-tempest, ardana-tls, crowbar-core, crowbar-ha, crowbar-openstack, memcached, openstack-ceilometer, openstack-cinder, openstack-designate, openstack-heat, openstack-ironic, openstack-ironic-image, openstack-manila, openstack-neutron, openstack-nova, openstack-octavia, openstack-octavia-amphora-image, python-cinderclient, python-glanceclient, python-ironic-lib, python-ironicclient, python-keystonemiddleware, python-manila-tempest-plugin, python-novaclient, python-octaviaclient, python-openstackclient, python-os-brick, python-oslo.config, python-oslo.rootwrap, python-oslo.utils, python-swiftclient, python-watcherclient, release-notes-suse-openstack-cloud, rubygem-crowbar-client, rubygem-puma, zookeeper", tracking: { current_release_date: "2020-05-05T11:44:39Z", generator: { date: "2020-05-05T11:44:39Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2020:1190-1", initial_release_date: "2020-05-05T11:44:39Z", revision_history: [ { date: "2020-05-05T11:44:39Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "crowbar-core-6.0+git.1587558898.313bb9fd3-3.22.2.aarch64", product: { name: "crowbar-core-6.0+git.1587558898.313bb9fd3-3.22.2.aarch64", product_id: "crowbar-core-6.0+git.1587558898.313bb9fd3-3.22.2.aarch64", }, }, { category: "product_version", name: "crowbar-core-branding-upstream-6.0+git.1587558898.313bb9fd3-3.22.2.aarch64", product: { name: "crowbar-core-branding-upstream-6.0+git.1587558898.313bb9fd3-3.22.2.aarch64", product_id: "crowbar-core-branding-upstream-6.0+git.1587558898.313bb9fd3-3.22.2.aarch64", }, }, { category: "product_version", name: "crowbar-core-devel-6.0+git.1587558898.313bb9fd3-3.22.2.aarch64", product: { name: "crowbar-core-devel-6.0+git.1587558898.313bb9fd3-3.22.2.aarch64", product_id: "crowbar-core-devel-6.0+git.1587558898.313bb9fd3-3.22.2.aarch64", }, }, { category: "product_version", name: "libzookeeper2-3.4.13-3.3.1.aarch64", product: { name: "libzookeeper2-3.4.13-3.3.1.aarch64", product_id: "libzookeeper2-3.4.13-3.3.1.aarch64", }, }, { category: "product_version", name: "libzookeeper2-devel-3.4.13-3.3.1.aarch64", product: { name: "libzookeeper2-devel-3.4.13-3.3.1.aarch64", product_id: "libzookeeper2-devel-3.4.13-3.3.1.aarch64", }, }, { category: "product_version", name: "memcached-1.5.17-3.3.1.aarch64", product: { name: "memcached-1.5.17-3.3.1.aarch64", product_id: "memcached-1.5.17-3.3.1.aarch64", }, }, { category: "product_version", name: "memcached-devel-1.5.17-3.3.1.aarch64", product: { name: "memcached-devel-1.5.17-3.3.1.aarch64", product_id: "memcached-devel-1.5.17-3.3.1.aarch64", }, }, { category: "product_version", name: "ruby2.1-rubygem-crowbar-client-3.9.2-3.6.1.aarch64", product: { name: "ruby2.1-rubygem-crowbar-client-3.9.2-3.6.1.aarch64", product_id: "ruby2.1-rubygem-crowbar-client-3.9.2-3.6.1.aarch64", }, }, { category: "product_version", name: "ruby2.1-rubygem-crowbar-client-doc-3.9.2-3.6.1.aarch64", product: { name: "ruby2.1-rubygem-crowbar-client-doc-3.9.2-3.6.1.aarch64", product_id: "ruby2.1-rubygem-crowbar-client-doc-3.9.2-3.6.1.aarch64", }, }, { category: "product_version", name: "ruby2.1-rubygem-crowbar-client-testsuite-3.9.2-3.6.1.aarch64", product: { name: "ruby2.1-rubygem-crowbar-client-testsuite-3.9.2-3.6.1.aarch64", product_id: "ruby2.1-rubygem-crowbar-client-testsuite-3.9.2-3.6.1.aarch64", }, }, { category: "product_version", name: "ruby2.1-rubygem-puma-2.16.0-4.6.1.aarch64", product: { name: "ruby2.1-rubygem-puma-2.16.0-4.6.1.aarch64", product_id: "ruby2.1-rubygem-puma-2.16.0-4.6.1.aarch64", }, }, { category: "product_version", name: "ruby2.1-rubygem-puma-doc-2.16.0-4.6.1.aarch64", product: { name: "ruby2.1-rubygem-puma-doc-2.16.0-4.6.1.aarch64", product_id: "ruby2.1-rubygem-puma-doc-2.16.0-4.6.1.aarch64", }, }, { category: "product_version", name: "zookeeper-client-3.4.13-3.3.1.aarch64", product: { name: "zookeeper-client-3.4.13-3.3.1.aarch64", product_id: "zookeeper-client-3.4.13-3.3.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "ardana-ansible-9.0+git.1587034359.a12678b-3.19.1.noarch", product: { name: "ardana-ansible-9.0+git.1587034359.a12678b-3.19.1.noarch", product_id: "ardana-ansible-9.0+git.1587034359.a12678b-3.19.1.noarch", }, }, { category: "product_version", name: "ardana-barbican-9.0+git.1583953599.cd723bb-3.10.1.noarch", product: { name: "ardana-barbican-9.0+git.1583953599.cd723bb-3.10.1.noarch", product_id: "ardana-barbican-9.0+git.1583953599.cd723bb-3.10.1.noarch", }, }, { category: "product_version", name: "ardana-cluster-9.0+git.1585653734.c1fe3b2-3.13.1.noarch", product: { name: "ardana-cluster-9.0+git.1585653734.c1fe3b2-3.13.1.noarch", product_id: "ardana-cluster-9.0+git.1585653734.c1fe3b2-3.13.1.noarch", }, }, { category: "product_version", name: "ardana-db-9.0+git.1586543314.6b6aa20-3.19.1.noarch", product: { name: "ardana-db-9.0+git.1586543314.6b6aa20-3.19.1.noarch", product_id: "ardana-db-9.0+git.1586543314.6b6aa20-3.19.1.noarch", }, }, { category: "product_version", name: "ardana-designate-9.0+git.1583445435.4bd1793-3.10.1.noarch", product: { name: "ardana-designate-9.0+git.1583445435.4bd1793-3.10.1.noarch", product_id: "ardana-designate-9.0+git.1583445435.4bd1793-3.10.1.noarch", }, }, { category: "product_version", name: "ardana-input-model-9.0+git.1584632190.9541c56-3.16.1.noarch", product: { name: "ardana-input-model-9.0+git.1584632190.9541c56-3.16.1.noarch", product_id: "ardana-input-model-9.0+git.1584632190.9541c56-3.16.1.noarch", }, }, { category: "product_version", name: "ardana-logging-9.0+git.1585929695.f35b591-3.10.1.noarch", product: { name: "ardana-logging-9.0+git.1585929695.f35b591-3.10.1.noarch", product_id: "ardana-logging-9.0+git.1585929695.f35b591-3.10.1.noarch", }, }, { category: "product_version", name: "ardana-monasca-9.0+git.1586769889.d43d736-3.16.1.noarch", product: { name: "ardana-monasca-9.0+git.1586769889.d43d736-3.16.1.noarch", product_id: "ardana-monasca-9.0+git.1586769889.d43d736-3.16.1.noarch", }, }, { category: "product_version", name: "ardana-mq-9.0+git.1586350749.a463fd2-3.13.1.noarch", product: { name: "ardana-mq-9.0+git.1586350749.a463fd2-3.13.1.noarch", product_id: "ardana-mq-9.0+git.1586350749.a463fd2-3.13.1.noarch", }, }, { category: "product_version", name: "ardana-neutron-9.0+git.1587667603.507fb50-3.19.1.noarch", product: { name: "ardana-neutron-9.0+git.1587667603.507fb50-3.19.1.noarch", product_id: "ardana-neutron-9.0+git.1587667603.507fb50-3.19.1.noarch", }, }, { category: "product_version", name: "ardana-octavia-9.0+git.1587486004.8e99c6b-3.16.1.noarch", product: { name: "ardana-octavia-9.0+git.1587486004.8e99c6b-3.16.1.noarch", product_id: "ardana-octavia-9.0+git.1587486004.8e99c6b-3.16.1.noarch", }, }, { category: "product_version", name: "ardana-osconfig-9.0+git.1586546715.dbd07ab-3.16.1.noarch", product: { name: "ardana-osconfig-9.0+git.1586546715.dbd07ab-3.16.1.noarch", product_id: "ardana-osconfig-9.0+git.1586546715.dbd07ab-3.16.1.noarch", }, }, { category: "product_version", name: "ardana-tempest-9.0+git.1587398456.b31cc4a-3.13.1.noarch", product: { name: "ardana-tempest-9.0+git.1587398456.b31cc4a-3.13.1.noarch", product_id: "ardana-tempest-9.0+git.1587398456.b31cc4a-3.13.1.noarch", }, }, { category: "product_version", name: "ardana-tls-9.0+git.1586301209.c9413b4-3.12.1.noarch", product: { name: "ardana-tls-9.0+git.1586301209.c9413b4-3.12.1.noarch", product_id: "ardana-tls-9.0+git.1586301209.c9413b4-3.12.1.noarch", }, }, { category: "product_version", name: "crowbar-ha-6.0+git.1586256059.e6f67e1-3.16.1.noarch", product: { name: "crowbar-ha-6.0+git.1586256059.e6f67e1-3.16.1.noarch", product_id: "crowbar-ha-6.0+git.1586256059.e6f67e1-3.16.1.noarch", }, }, { category: "product_version", name: "crowbar-openstack-6.0+git.1587753188.da39e44a7-3.22.1.noarch", product: { name: "crowbar-openstack-6.0+git.1587753188.da39e44a7-3.22.1.noarch", product_id: "crowbar-openstack-6.0+git.1587753188.da39e44a7-3.22.1.noarch", }, }, { category: "product_version", name: "openstack-ceilometer-11.1.1~dev5-3.13.2.noarch", product: { name: "openstack-ceilometer-11.1.1~dev5-3.13.2.noarch", product_id: "openstack-ceilometer-11.1.1~dev5-3.13.2.noarch", }, }, { category: "product_version", name: "openstack-ceilometer-agent-central-11.1.1~dev5-3.13.2.noarch", product: { name: "openstack-ceilometer-agent-central-11.1.1~dev5-3.13.2.noarch", product_id: "openstack-ceilometer-agent-central-11.1.1~dev5-3.13.2.noarch", }, }, { category: "product_version", name: "openstack-ceilometer-agent-compute-11.1.1~dev5-3.13.2.noarch", product: { name: "openstack-ceilometer-agent-compute-11.1.1~dev5-3.13.2.noarch", product_id: "openstack-ceilometer-agent-compute-11.1.1~dev5-3.13.2.noarch", }, }, { category: "product_version", name: "openstack-ceilometer-agent-ipmi-11.1.1~dev5-3.13.2.noarch", product: { name: "openstack-ceilometer-agent-ipmi-11.1.1~dev5-3.13.2.noarch", product_id: "openstack-ceilometer-agent-ipmi-11.1.1~dev5-3.13.2.noarch", }, }, { category: "product_version", name: "openstack-ceilometer-agent-notification-11.1.1~dev5-3.13.2.noarch", product: { name: "openstack-ceilometer-agent-notification-11.1.1~dev5-3.13.2.noarch", product_id: "openstack-ceilometer-agent-notification-11.1.1~dev5-3.13.2.noarch", }, }, { category: "product_version", name: "openstack-ceilometer-polling-11.1.1~dev5-3.13.2.noarch", product: { name: "openstack-ceilometer-polling-11.1.1~dev5-3.13.2.noarch", product_id: "openstack-ceilometer-polling-11.1.1~dev5-3.13.2.noarch", }, }, { category: "product_version", name: "openstack-ceilometer-test-11.1.1~dev5-3.13.2.noarch", product: { name: "openstack-ceilometer-test-11.1.1~dev5-3.13.2.noarch", product_id: "openstack-ceilometer-test-11.1.1~dev5-3.13.2.noarch", }, }, { category: "product_version", name: "openstack-cinder-13.0.10~dev9-3.19.1.noarch", product: { name: "openstack-cinder-13.0.10~dev9-3.19.1.noarch", product_id: "openstack-cinder-13.0.10~dev9-3.19.1.noarch", }, }, { category: "product_version", name: "openstack-cinder-api-13.0.10~dev9-3.19.1.noarch", product: { name: "openstack-cinder-api-13.0.10~dev9-3.19.1.noarch", product_id: "openstack-cinder-api-13.0.10~dev9-3.19.1.noarch", }, }, { category: "product_version", name: "openstack-cinder-backup-13.0.10~dev9-3.19.1.noarch", product: { name: "openstack-cinder-backup-13.0.10~dev9-3.19.1.noarch", product_id: "openstack-cinder-backup-13.0.10~dev9-3.19.1.noarch", }, }, { category: "product_version", name: "openstack-cinder-scheduler-13.0.10~dev9-3.19.1.noarch", product: { name: "openstack-cinder-scheduler-13.0.10~dev9-3.19.1.noarch", product_id: "openstack-cinder-scheduler-13.0.10~dev9-3.19.1.noarch", }, }, { category: "product_version", name: "openstack-cinder-test-13.0.10~dev9-3.19.1.noarch", product: { name: "openstack-cinder-test-13.0.10~dev9-3.19.1.noarch", product_id: "openstack-cinder-test-13.0.10~dev9-3.19.1.noarch", }, }, { category: "product_version", name: "openstack-cinder-volume-13.0.10~dev9-3.19.1.noarch", product: { name: "openstack-cinder-volume-13.0.10~dev9-3.19.1.noarch", product_id: "openstack-cinder-volume-13.0.10~dev9-3.19.1.noarch", }, }, { category: "product_version", name: "openstack-designate-7.0.1~dev25-3.16.2.noarch", product: { name: "openstack-designate-7.0.1~dev25-3.16.2.noarch", product_id: "openstack-designate-7.0.1~dev25-3.16.2.noarch", }, }, { category: "product_version", name: "openstack-designate-agent-7.0.1~dev25-3.16.2.noarch", product: { name: "openstack-designate-agent-7.0.1~dev25-3.16.2.noarch", product_id: "openstack-designate-agent-7.0.1~dev25-3.16.2.noarch", }, }, { category: "product_version", name: "openstack-designate-api-7.0.1~dev25-3.16.2.noarch", product: { name: "openstack-designate-api-7.0.1~dev25-3.16.2.noarch", product_id: "openstack-designate-api-7.0.1~dev25-3.16.2.noarch", }, }, { category: "product_version", name: "openstack-designate-central-7.0.1~dev25-3.16.2.noarch", product: { name: "openstack-designate-central-7.0.1~dev25-3.16.2.noarch", product_id: "openstack-designate-central-7.0.1~dev25-3.16.2.noarch", }, }, { category: "product_version", name: "openstack-designate-producer-7.0.1~dev25-3.16.2.noarch", product: { name: "openstack-designate-producer-7.0.1~dev25-3.16.2.noarch", product_id: "openstack-designate-producer-7.0.1~dev25-3.16.2.noarch", }, }, { category: "product_version", name: "openstack-designate-sink-7.0.1~dev25-3.16.2.noarch", product: { name: "openstack-designate-sink-7.0.1~dev25-3.16.2.noarch", product_id: "openstack-designate-sink-7.0.1~dev25-3.16.2.noarch", }, }, { category: "product_version", name: "openstack-designate-test-7.0.1~dev25-3.16.2.noarch", product: { name: "openstack-designate-test-7.0.1~dev25-3.16.2.noarch", product_id: "openstack-designate-test-7.0.1~dev25-3.16.2.noarch", }, }, { category: "product_version", name: "openstack-designate-worker-7.0.1~dev25-3.16.2.noarch", product: { name: "openstack-designate-worker-7.0.1~dev25-3.16.2.noarch", product_id: "openstack-designate-worker-7.0.1~dev25-3.16.2.noarch", }, }, { category: "product_version", name: "openstack-heat-11.0.3~dev35-3.16.1.noarch", product: { name: "openstack-heat-11.0.3~dev35-3.16.1.noarch", product_id: "openstack-heat-11.0.3~dev35-3.16.1.noarch", }, }, { category: "product_version", name: "openstack-heat-api-11.0.3~dev35-3.16.1.noarch", product: { name: "openstack-heat-api-11.0.3~dev35-3.16.1.noarch", product_id: "openstack-heat-api-11.0.3~dev35-3.16.1.noarch", }, }, { category: "product_version", name: "openstack-heat-api-cfn-11.0.3~dev35-3.16.1.noarch", product: { name: "openstack-heat-api-cfn-11.0.3~dev35-3.16.1.noarch", product_id: "openstack-heat-api-cfn-11.0.3~dev35-3.16.1.noarch", }, }, { category: "product_version", name: "openstack-heat-engine-11.0.3~dev35-3.16.1.noarch", product: { name: "openstack-heat-engine-11.0.3~dev35-3.16.1.noarch", product_id: "openstack-heat-engine-11.0.3~dev35-3.16.1.noarch", }, }, { category: "product_version", name: "openstack-heat-plugin-heat_docker-11.0.3~dev35-3.16.1.noarch", product: { name: "openstack-heat-plugin-heat_docker-11.0.3~dev35-3.16.1.noarch", product_id: "openstack-heat-plugin-heat_docker-11.0.3~dev35-3.16.1.noarch", }, }, { category: "product_version", name: "openstack-heat-test-11.0.3~dev35-3.16.1.noarch", product: { name: "openstack-heat-test-11.0.3~dev35-3.16.1.noarch", product_id: "openstack-heat-test-11.0.3~dev35-3.16.1.noarch", }, }, { category: "product_version", name: "openstack-ironic-11.1.5~dev3-3.16.1.noarch", product: { name: "openstack-ironic-11.1.5~dev3-3.16.1.noarch", product_id: "openstack-ironic-11.1.5~dev3-3.16.1.noarch", }, }, { category: "product_version", name: "openstack-ironic-api-11.1.5~dev3-3.16.1.noarch", product: { name: "openstack-ironic-api-11.1.5~dev3-3.16.1.noarch", product_id: "openstack-ironic-api-11.1.5~dev3-3.16.1.noarch", }, }, { category: "product_version", name: "openstack-ironic-conductor-11.1.5~dev3-3.16.1.noarch", product: { name: "openstack-ironic-conductor-11.1.5~dev3-3.16.1.noarch", product_id: "openstack-ironic-conductor-11.1.5~dev3-3.16.1.noarch", }, }, { category: "product_version", name: "openstack-ironic-image-x86_64-9.0.0-3.6.1.noarch", product: { name: "openstack-ironic-image-x86_64-9.0.0-3.6.1.noarch", product_id: "openstack-ironic-image-x86_64-9.0.0-3.6.1.noarch", }, }, { category: "product_version", name: "openstack-ironic-test-11.1.5~dev3-3.16.1.noarch", product: { name: "openstack-ironic-test-11.1.5~dev3-3.16.1.noarch", product_id: "openstack-ironic-test-11.1.5~dev3-3.16.1.noarch", }, }, { category: "product_version", name: "openstack-manila-7.4.2~dev4-4.21.1.noarch", product: { name: "openstack-manila-7.4.2~dev4-4.21.1.noarch", product_id: "openstack-manila-7.4.2~dev4-4.21.1.noarch", }, }, { category: "product_version", name: "openstack-manila-api-7.4.2~dev4-4.21.1.noarch", product: { name: "openstack-manila-api-7.4.2~dev4-4.21.1.noarch", product_id: "openstack-manila-api-7.4.2~dev4-4.21.1.noarch", }, }, { category: "product_version", name: "openstack-manila-data-7.4.2~dev4-4.21.1.noarch", product: { name: "openstack-manila-data-7.4.2~dev4-4.21.1.noarch", product_id: "openstack-manila-data-7.4.2~dev4-4.21.1.noarch", }, }, { category: "product_version", name: "openstack-manila-scheduler-7.4.2~dev4-4.21.1.noarch", product: { name: "openstack-manila-scheduler-7.4.2~dev4-4.21.1.noarch", product_id: "openstack-manila-scheduler-7.4.2~dev4-4.21.1.noarch", }, }, { category: "product_version", name: "openstack-manila-share-7.4.2~dev4-4.21.1.noarch", product: { name: "openstack-manila-share-7.4.2~dev4-4.21.1.noarch", product_id: "openstack-manila-share-7.4.2~dev4-4.21.1.noarch", }, }, { category: "product_version", name: "openstack-manila-test-7.4.2~dev4-4.21.1.noarch", product: { name: "openstack-manila-test-7.4.2~dev4-4.21.1.noarch", product_id: "openstack-manila-test-7.4.2~dev4-4.21.1.noarch", }, }, { category: "product_version", name: "openstack-neutron-13.0.8~dev28-3.22.1.noarch", product: { name: "openstack-neutron-13.0.8~dev28-3.22.1.noarch", product_id: "openstack-neutron-13.0.8~dev28-3.22.1.noarch", }, }, { category: "product_version", name: "openstack-neutron-dhcp-agent-13.0.8~dev28-3.22.1.noarch", product: { name: "openstack-neutron-dhcp-agent-13.0.8~dev28-3.22.1.noarch", product_id: "openstack-neutron-dhcp-agent-13.0.8~dev28-3.22.1.noarch", }, }, { category: "product_version", name: "openstack-neutron-ha-tool-13.0.8~dev28-3.22.1.noarch", product: { name: "openstack-neutron-ha-tool-13.0.8~dev28-3.22.1.noarch", product_id: "openstack-neutron-ha-tool-13.0.8~dev28-3.22.1.noarch", }, }, { category: "product_version", name: "openstack-neutron-l3-agent-13.0.8~dev28-3.22.1.noarch", product: { name: "openstack-neutron-l3-agent-13.0.8~dev28-3.22.1.noarch", product_id: "openstack-neutron-l3-agent-13.0.8~dev28-3.22.1.noarch", }, }, { category: "product_version", name: "openstack-neutron-linuxbridge-agent-13.0.8~dev28-3.22.1.noarch", product: { name: "openstack-neutron-linuxbridge-agent-13.0.8~dev28-3.22.1.noarch", product_id: "openstack-neutron-linuxbridge-agent-13.0.8~dev28-3.22.1.noarch", }, }, { category: "product_version", name: "openstack-neutron-macvtap-agent-13.0.8~dev28-3.22.1.noarch", product: { name: "openstack-neutron-macvtap-agent-13.0.8~dev28-3.22.1.noarch", product_id: "openstack-neutron-macvtap-agent-13.0.8~dev28-3.22.1.noarch", }, }, { category: "product_version", name: "openstack-neutron-metadata-agent-13.0.8~dev28-3.22.1.noarch", product: { name: "openstack-neutron-metadata-agent-13.0.8~dev28-3.22.1.noarch", product_id: "openstack-neutron-metadata-agent-13.0.8~dev28-3.22.1.noarch", }, }, { category: "product_version", name: "openstack-neutron-metering-agent-13.0.8~dev28-3.22.1.noarch", product: { name: "openstack-neutron-metering-agent-13.0.8~dev28-3.22.1.noarch", product_id: "openstack-neutron-metering-agent-13.0.8~dev28-3.22.1.noarch", }, }, { category: "product_version", name: "openstack-neutron-openvswitch-agent-13.0.8~dev28-3.22.1.noarch", product: { name: "openstack-neutron-openvswitch-agent-13.0.8~dev28-3.22.1.noarch", product_id: "openstack-neutron-openvswitch-agent-13.0.8~dev28-3.22.1.noarch", }, }, { category: "product_version", name: "openstack-neutron-server-13.0.8~dev28-3.22.1.noarch", product: { name: "openstack-neutron-server-13.0.8~dev28-3.22.1.noarch", product_id: "openstack-neutron-server-13.0.8~dev28-3.22.1.noarch", }, }, { category: "product_version", name: "openstack-neutron-test-13.0.8~dev28-3.22.1.noarch", product: { name: "openstack-neutron-test-13.0.8~dev28-3.22.1.noarch", product_id: "openstack-neutron-test-13.0.8~dev28-3.22.1.noarch", }, }, { category: "product_version", name: "openstack-nova-18.3.1~dev17-3.22.1.noarch", product: { name: "openstack-nova-18.3.1~dev17-3.22.1.noarch", product_id: "openstack-nova-18.3.1~dev17-3.22.1.noarch", }, }, { category: "product_version", name: "openstack-nova-api-18.3.1~dev17-3.22.1.noarch", product: { name: "openstack-nova-api-18.3.1~dev17-3.22.1.noarch", product_id: "openstack-nova-api-18.3.1~dev17-3.22.1.noarch", }, }, { category: "product_version", name: "openstack-nova-cells-18.3.1~dev17-3.22.1.noarch", product: { name: "openstack-nova-cells-18.3.1~dev17-3.22.1.noarch", product_id: "openstack-nova-cells-18.3.1~dev17-3.22.1.noarch", }, }, { category: "product_version", name: "openstack-nova-compute-18.3.1~dev17-3.22.1.noarch", product: { name: "openstack-nova-compute-18.3.1~dev17-3.22.1.noarch", product_id: "openstack-nova-compute-18.3.1~dev17-3.22.1.noarch", }, }, { category: "product_version", name: "openstack-nova-conductor-18.3.1~dev17-3.22.1.noarch", product: { name: "openstack-nova-conductor-18.3.1~dev17-3.22.1.noarch", product_id: "openstack-nova-conductor-18.3.1~dev17-3.22.1.noarch", }, }, { category: "product_version", name: "openstack-nova-console-18.3.1~dev17-3.22.1.noarch", product: { name: "openstack-nova-console-18.3.1~dev17-3.22.1.noarch", product_id: "openstack-nova-console-18.3.1~dev17-3.22.1.noarch", }, }, { category: "product_version", name: "openstack-nova-consoleauth-18.3.1~dev17-3.22.1.noarch", product: { name: "openstack-nova-consoleauth-18.3.1~dev17-3.22.1.noarch", product_id: "openstack-nova-consoleauth-18.3.1~dev17-3.22.1.noarch", }, }, { category: "product_version", name: "openstack-nova-network-18.3.1~dev17-3.22.1.noarch", product: { name: "openstack-nova-network-18.3.1~dev17-3.22.1.noarch", product_id: "openstack-nova-network-18.3.1~dev17-3.22.1.noarch", }, }, { category: "product_version", name: "openstack-nova-novncproxy-18.3.1~dev17-3.22.1.noarch", product: { name: "openstack-nova-novncproxy-18.3.1~dev17-3.22.1.noarch", product_id: "openstack-nova-novncproxy-18.3.1~dev17-3.22.1.noarch", }, }, { category: "product_version", name: "openstack-nova-placement-api-18.3.1~dev17-3.22.1.noarch", product: { name: "openstack-nova-placement-api-18.3.1~dev17-3.22.1.noarch", product_id: "openstack-nova-placement-api-18.3.1~dev17-3.22.1.noarch", }, }, { category: "product_version", name: "openstack-nova-scheduler-18.3.1~dev17-3.22.1.noarch", product: { name: "openstack-nova-scheduler-18.3.1~dev17-3.22.1.noarch", product_id: "openstack-nova-scheduler-18.3.1~dev17-3.22.1.noarch", }, }, { category: "product_version", name: "openstack-nova-serialproxy-18.3.1~dev17-3.22.1.noarch", product: { name: "openstack-nova-serialproxy-18.3.1~dev17-3.22.1.noarch", product_id: "openstack-nova-serialproxy-18.3.1~dev17-3.22.1.noarch", }, }, { category: "product_version", name: "openstack-nova-test-18.3.1~dev17-3.22.1.noarch", product: { name: "openstack-nova-test-18.3.1~dev17-3.22.1.noarch", product_id: "openstack-nova-test-18.3.1~dev17-3.22.1.noarch", }, }, { category: "product_version", name: "openstack-nova-vncproxy-18.3.1~dev17-3.22.1.noarch", product: { name: "openstack-nova-vncproxy-18.3.1~dev17-3.22.1.noarch", product_id: "openstack-nova-vncproxy-18.3.1~dev17-3.22.1.noarch", }, }, { category: "product_version", name: "openstack-octavia-3.2.3~dev2-3.22.1.noarch", product: { name: "openstack-octavia-3.2.3~dev2-3.22.1.noarch", product_id: "openstack-octavia-3.2.3~dev2-3.22.1.noarch", }, }, { category: "product_version", name: "openstack-octavia-amphora-agent-3.2.3~dev2-3.22.1.noarch", product: { name: "openstack-octavia-amphora-agent-3.2.3~dev2-3.22.1.noarch", product_id: "openstack-octavia-amphora-agent-3.2.3~dev2-3.22.1.noarch", }, }, { category: "product_version", name: "openstack-octavia-amphora-image-x86_64-0.1.3-7.9.2.noarch", product: { name: "openstack-octavia-amphora-image-x86_64-0.1.3-7.9.2.noarch", product_id: "openstack-octavia-amphora-image-x86_64-0.1.3-7.9.2.noarch", }, }, { category: "product_version", name: "openstack-octavia-api-3.2.3~dev2-3.22.1.noarch", product: { name: "openstack-octavia-api-3.2.3~dev2-3.22.1.noarch", product_id: "openstack-octavia-api-3.2.3~dev2-3.22.1.noarch", }, }, { category: "product_version", name: "openstack-octavia-health-manager-3.2.3~dev2-3.22.1.noarch", product: { name: "openstack-octavia-health-manager-3.2.3~dev2-3.22.1.noarch", product_id: "openstack-octavia-health-manager-3.2.3~dev2-3.22.1.noarch", }, }, { category: "product_version", name: "openstack-octavia-housekeeping-3.2.3~dev2-3.22.1.noarch", product: { name: "openstack-octavia-housekeeping-3.2.3~dev2-3.22.1.noarch", product_id: "openstack-octavia-housekeeping-3.2.3~dev2-3.22.1.noarch", }, }, { category: "product_version", name: "openstack-octavia-network-namespace-scripts-3.2.3~dev2-3.22.1.noarch", product: { name: "openstack-octavia-network-namespace-scripts-3.2.3~dev2-3.22.1.noarch", product_id: "openstack-octavia-network-namespace-scripts-3.2.3~dev2-3.22.1.noarch", }, }, { category: "product_version", name: "openstack-octavia-test-3.2.3~dev2-3.22.1.noarch", product: { name: "openstack-octavia-test-3.2.3~dev2-3.22.1.noarch", product_id: "openstack-octavia-test-3.2.3~dev2-3.22.1.noarch", }, }, { category: "product_version", name: "openstack-octavia-worker-3.2.3~dev2-3.22.1.noarch", product: { name: "openstack-octavia-worker-3.2.3~dev2-3.22.1.noarch", product_id: "openstack-octavia-worker-3.2.3~dev2-3.22.1.noarch", }, }, { category: "product_version", name: "python-ceilometer-11.1.1~dev5-3.13.2.noarch", product: { name: "python-ceilometer-11.1.1~dev5-3.13.2.noarch", product_id: "python-ceilometer-11.1.1~dev5-3.13.2.noarch", }, }, { category: "product_version", name: "python-cinder-13.0.10~dev9-3.19.1.noarch", product: { name: "python-cinder-13.0.10~dev9-3.19.1.noarch", product_id: "python-cinder-13.0.10~dev9-3.19.1.noarch", }, }, { category: "product_version", name: "python-cinderclient-4.0.3-3.6.2.noarch", product: { name: "python-cinderclient-4.0.3-3.6.2.noarch", product_id: "python-cinderclient-4.0.3-3.6.2.noarch", }, }, { category: "product_version", name: "python-cinderclient-doc-4.0.3-3.6.2.noarch", product: { name: "python-cinderclient-doc-4.0.3-3.6.2.noarch", product_id: "python-cinderclient-doc-4.0.3-3.6.2.noarch", }, }, { category: "product_version", name: "python-designate-7.0.1~dev25-3.16.2.noarch", product: { name: "python-designate-7.0.1~dev25-3.16.2.noarch", product_id: "python-designate-7.0.1~dev25-3.16.2.noarch", }, }, { category: "product_version", name: "python-glanceclient-2.13.2-3.3.2.noarch", product: { name: "python-glanceclient-2.13.2-3.3.2.noarch", product_id: "python-glanceclient-2.13.2-3.3.2.noarch", }, }, { category: "product_version", name: "python-glanceclient-doc-2.13.2-3.3.2.noarch", product: { name: "python-glanceclient-doc-2.13.2-3.3.2.noarch", product_id: "python-glanceclient-doc-2.13.2-3.3.2.noarch", }, }, { category: "product_version", name: "python-heat-11.0.3~dev35-3.16.1.noarch", product: { name: "python-heat-11.0.3~dev35-3.16.1.noarch", product_id: "python-heat-11.0.3~dev35-3.16.1.noarch", }, }, { category: "product_version", name: "python-ironic-11.1.5~dev3-3.16.1.noarch", product: { name: "python-ironic-11.1.5~dev3-3.16.1.noarch", product_id: "python-ironic-11.1.5~dev3-3.16.1.noarch", }, }, { category: "product_version", name: "python-ironic-lib-2.14.3-3.6.1.noarch", product: { name: "python-ironic-lib-2.14.3-3.6.1.noarch", product_id: "python-ironic-lib-2.14.3-3.6.1.noarch", }, }, { category: "product_version", name: "python-ironicclient-2.5.4-4.10.1.noarch", product: { name: "python-ironicclient-2.5.4-4.10.1.noarch", product_id: "python-ironicclient-2.5.4-4.10.1.noarch", }, }, { category: "product_version", name: "python-ironicclient-doc-2.5.4-4.10.1.noarch", product: { name: "python-ironicclient-doc-2.5.4-4.10.1.noarch", product_id: "python-ironicclient-doc-2.5.4-4.10.1.noarch", }, }, { category: "product_version", name: "python-keystonemiddleware-5.2.2-17.1.noarch", product: { name: "python-keystonemiddleware-5.2.2-17.1.noarch", product_id: "python-keystonemiddleware-5.2.2-17.1.noarch", }, }, { category: "product_version", name: "python-keystonemiddleware-doc-5.2.2-17.1.noarch", product: { name: "python-keystonemiddleware-doc-5.2.2-17.1.noarch", product_id: "python-keystonemiddleware-doc-5.2.2-17.1.noarch", }, }, { category: "product_version", name: "python-manila-7.4.2~dev4-4.21.1.noarch", product: { name: "python-manila-7.4.2~dev4-4.21.1.noarch", product_id: "python-manila-7.4.2~dev4-4.21.1.noarch", }, }, { category: "product_version", name: "python-manila-tempest-plugin-0.1.0-3.6.1.noarch", product: { name: "python-manila-tempest-plugin-0.1.0-3.6.1.noarch", product_id: "python-manila-tempest-plugin-0.1.0-3.6.1.noarch", }, }, { category: "product_version", name: "python-neutron-13.0.8~dev28-3.22.1.noarch", product: { name: "python-neutron-13.0.8~dev28-3.22.1.noarch", product_id: "python-neutron-13.0.8~dev28-3.22.1.noarch", }, }, { category: "product_version", name: "python-nova-18.3.1~dev17-3.22.1.noarch", product: { name: "python-nova-18.3.1~dev17-3.22.1.noarch", product_id: "python-nova-18.3.1~dev17-3.22.1.noarch", }, }, { category: "product_version", name: "python-novaclient-11.0.1-3.3.1.noarch", product: { name: "python-novaclient-11.0.1-3.3.1.noarch", product_id: "python-novaclient-11.0.1-3.3.1.noarch", }, }, { category: "product_version", name: "python-novaclient-doc-11.0.1-3.3.1.noarch", product: { name: "python-novaclient-doc-11.0.1-3.3.1.noarch", product_id: "python-novaclient-doc-11.0.1-3.3.1.noarch", }, }, { category: "product_version", name: "python-octavia-3.2.3~dev2-3.22.1.noarch", product: { name: "python-octavia-3.2.3~dev2-3.22.1.noarch", product_id: "python-octavia-3.2.3~dev2-3.22.1.noarch", }, }, { category: "product_version", name: "python-octaviaclient-1.6.2-3.6.1.noarch", product: { name: "python-octaviaclient-1.6.2-3.6.1.noarch", product_id: "python-octaviaclient-1.6.2-3.6.1.noarch", }, }, { category: "product_version", name: "python-octaviaclient-doc-1.6.2-3.6.1.noarch", product: { name: "python-octaviaclient-doc-1.6.2-3.6.1.noarch", product_id: "python-octaviaclient-doc-1.6.2-3.6.1.noarch", }, }, { category: "product_version", name: "python-openstackclient-3.16.3-11.1.noarch", product: { name: "python-openstackclient-3.16.3-11.1.noarch", product_id: "python-openstackclient-3.16.3-11.1.noarch", }, }, { category: "product_version", name: "python-openstackclient-doc-3.16.3-11.1.noarch", product: { name: "python-openstackclient-doc-3.16.3-11.1.noarch", product_id: "python-openstackclient-doc-3.16.3-11.1.noarch", }, }, { category: "product_version", name: "python-os-brick-2.5.10-3.9.2.noarch", product: { name: "python-os-brick-2.5.10-3.9.2.noarch", product_id: "python-os-brick-2.5.10-3.9.2.noarch", }, }, { category: "product_version", name: "python-os-brick-common-2.5.10-3.9.2.noarch", product: { name: "python-os-brick-common-2.5.10-3.9.2.noarch", product_id: "python-os-brick-common-2.5.10-3.9.2.noarch", }, }, { category: "product_version", name: "python-os-brick-doc-2.5.10-3.9.2.noarch", product: { name: "python-os-brick-doc-2.5.10-3.9.2.noarch", product_id: "python-os-brick-doc-2.5.10-3.9.2.noarch", }, }, { category: "product_version", name: "python-oslo.config-6.4.2-3.3.1.noarch", product: { name: "python-oslo.config-6.4.2-3.3.1.noarch", product_id: "python-oslo.config-6.4.2-3.3.1.noarch", }, }, { category: "product_version", name: "python-oslo.config-doc-6.4.2-3.3.1.noarch", product: { name: "python-oslo.config-doc-6.4.2-3.3.1.noarch", product_id: "python-oslo.config-doc-6.4.2-3.3.1.noarch", }, }, { category: "product_version", name: "python-oslo.rootwrap-5.14.2-3.3.1.noarch", product: { name: "python-oslo.rootwrap-5.14.2-3.3.1.noarch", product_id: "python-oslo.rootwrap-5.14.2-3.3.1.noarch", }, }, { category: "product_version", name: "python-oslo.rootwrap-doc-5.14.2-3.3.1.noarch", product: { name: "python-oslo.rootwrap-doc-5.14.2-3.3.1.noarch", product_id: "python-oslo.rootwrap-doc-5.14.2-3.3.1.noarch", }, }, { category: "product_version", name: "python-oslo.utils-3.36.5-3.3.1.noarch", product: { name: "python-oslo.utils-3.36.5-3.3.1.noarch", product_id: "python-oslo.utils-3.36.5-3.3.1.noarch", }, }, { category: "product_version", name: "python-oslo.utils-doc-3.36.5-3.3.1.noarch", product: { name: "python-oslo.utils-doc-3.36.5-3.3.1.noarch", product_id: "python-oslo.utils-doc-3.36.5-3.3.1.noarch", }, }, { category: "product_version", name: "python-swiftclient-3.6.1-3.3.1.noarch", product: { name: "python-swiftclient-3.6.1-3.3.1.noarch", product_id: "python-swiftclient-3.6.1-3.3.1.noarch", }, }, { category: "product_version", name: "python-swiftclient-doc-3.6.1-3.3.1.noarch", product: { name: "python-swiftclient-doc-3.6.1-3.3.1.noarch", product_id: "python-swiftclient-doc-3.6.1-3.3.1.noarch", }, }, { category: "product_version", name: "python-watcherclient-2.1.1-3.3.1.noarch", product: { name: "python-watcherclient-2.1.1-3.3.1.noarch", product_id: "python-watcherclient-2.1.1-3.3.1.noarch", }, }, { category: "product_version", name: "python-watcherclient-doc-2.1.1-3.3.1.noarch", product: { name: "python-watcherclient-doc-2.1.1-3.3.1.noarch", product_id: "python-watcherclient-doc-2.1.1-3.3.1.noarch", }, }, { category: "product_version", name: "python3-cinderclient-4.0.3-3.6.2.noarch", product: { name: "python3-cinderclient-4.0.3-3.6.2.noarch", product_id: "python3-cinderclient-4.0.3-3.6.2.noarch", }, }, { category: "product_version", name: "python3-glanceclient-2.13.2-3.3.2.noarch", product: { name: "python3-glanceclient-2.13.2-3.3.2.noarch", product_id: "python3-glanceclient-2.13.2-3.3.2.noarch", }, }, { category: "product_version", name: "python3-ironicclient-2.5.4-4.10.1.noarch", product: { name: "python3-ironicclient-2.5.4-4.10.1.noarch", product_id: "python3-ironicclient-2.5.4-4.10.1.noarch", }, }, { category: "product_version", name: "python3-keystonemiddleware-5.2.2-17.1.noarch", product: { name: "python3-keystonemiddleware-5.2.2-17.1.noarch", product_id: "python3-keystonemiddleware-5.2.2-17.1.noarch", }, }, { category: "product_version", name: "python3-novaclient-11.0.1-3.3.1.noarch", product: { name: "python3-novaclient-11.0.1-3.3.1.noarch", product_id: "python3-novaclient-11.0.1-3.3.1.noarch", }, }, { category: "product_version", name: "python3-octaviaclient-1.6.2-3.6.1.noarch", product: { name: "python3-octaviaclient-1.6.2-3.6.1.noarch", product_id: "python3-octaviaclient-1.6.2-3.6.1.noarch", }, }, { category: "product_version", name: "python3-openstackclient-3.16.3-11.1.noarch", product: { name: "python3-openstackclient-3.16.3-11.1.noarch", product_id: "python3-openstackclient-3.16.3-11.1.noarch", }, }, { category: "product_version", name: "python3-os-brick-2.5.10-3.9.2.noarch", product: { name: "python3-os-brick-2.5.10-3.9.2.noarch", product_id: "python3-os-brick-2.5.10-3.9.2.noarch", }, }, { category: "product_version", name: "python3-oslo.config-6.4.2-3.3.1.noarch", product: { name: "python3-oslo.config-6.4.2-3.3.1.noarch", product_id: "python3-oslo.config-6.4.2-3.3.1.noarch", }, }, { category: "product_version", name: "python3-oslo.rootwrap-5.14.2-3.3.1.noarch", product: { name: "python3-oslo.rootwrap-5.14.2-3.3.1.noarch", product_id: "python3-oslo.rootwrap-5.14.2-3.3.1.noarch", }, }, { category: "product_version", name: "python3-oslo.utils-3.36.5-3.3.1.noarch", product: { name: "python3-oslo.utils-3.36.5-3.3.1.noarch", product_id: "python3-oslo.utils-3.36.5-3.3.1.noarch", }, }, { category: "product_version", name: "python3-swiftclient-3.6.1-3.3.1.noarch", product: { name: "python3-swiftclient-3.6.1-3.3.1.noarch", product_id: "python3-swiftclient-3.6.1-3.3.1.noarch", }, }, { category: "product_version", name: "release-notes-suse-openstack-cloud-9.20200319-3.18.1.noarch", product: { name: "release-notes-suse-openstack-cloud-9.20200319-3.18.1.noarch", product_id: "release-notes-suse-openstack-cloud-9.20200319-3.18.1.noarch", }, }, { category: "product_version", name: "venv-openstack-barbican-x86_64-7.0.1~dev24-3.17.1.noarch", product: { name: "venv-openstack-barbican-x86_64-7.0.1~dev24-3.17.1.noarch", product_id: "venv-openstack-barbican-x86_64-7.0.1~dev24-3.17.1.noarch", }, }, { category: "product_version", name: "venv-openstack-cinder-x86_64-13.0.10~dev9-3.17.1.noarch", product: { name: "venv-openstack-cinder-x86_64-13.0.10~dev9-3.17.1.noarch", product_id: "venv-openstack-cinder-x86_64-13.0.10~dev9-3.17.1.noarch", }, }, { category: "product_version", name: "venv-openstack-designate-x86_64-7.0.1~dev25-3.17.1.noarch", product: { name: "venv-openstack-designate-x86_64-7.0.1~dev25-3.17.1.noarch", product_id: "venv-openstack-designate-x86_64-7.0.1~dev25-3.17.1.noarch", }, }, { category: "product_version", name: "venv-openstack-glance-x86_64-17.0.1~dev30-3.15.1.noarch", product: { name: "venv-openstack-glance-x86_64-17.0.1~dev30-3.15.1.noarch", product_id: "venv-openstack-glance-x86_64-17.0.1~dev30-3.15.1.noarch", }, }, { category: "product_version", name: "venv-openstack-heat-x86_64-11.0.3~dev35-3.17.1.noarch", product: { name: "venv-openstack-heat-x86_64-11.0.3~dev35-3.17.1.noarch", product_id: "venv-openstack-heat-x86_64-11.0.3~dev35-3.17.1.noarch", }, }, { category: "product_version", name: "venv-openstack-horizon-x86_64-14.1.1~dev1-4.16.1.noarch", product: { name: "venv-openstack-horizon-x86_64-14.1.1~dev1-4.16.1.noarch", product_id: "venv-openstack-horizon-x86_64-14.1.1~dev1-4.16.1.noarch", }, }, { category: "product_version", name: "venv-openstack-ironic-x86_64-11.1.5~dev3-4.13.1.noarch", product: { name: "venv-openstack-ironic-x86_64-11.1.5~dev3-4.13.1.noarch", product_id: "venv-openstack-ironic-x86_64-11.1.5~dev3-4.13.1.noarch", }, }, { category: "product_version", name: "venv-openstack-keystone-x86_64-14.1.1~dev36-3.17.1.noarch", product: { name: "venv-openstack-keystone-x86_64-14.1.1~dev36-3.17.1.noarch", product_id: "venv-openstack-keystone-x86_64-14.1.1~dev36-3.17.1.noarch", }, }, { category: "product_version", name: "venv-openstack-magnum-x86_64-7.2.1~dev1-4.17.1.noarch", product: { name: "venv-openstack-magnum-x86_64-7.2.1~dev1-4.17.1.noarch", product_id: "venv-openstack-magnum-x86_64-7.2.1~dev1-4.17.1.noarch", }, }, { category: "product_version", name: "venv-openstack-manila-x86_64-7.4.2~dev4-3.19.1.noarch", product: { name: "venv-openstack-manila-x86_64-7.4.2~dev4-3.19.1.noarch", product_id: "venv-openstack-manila-x86_64-7.4.2~dev4-3.19.1.noarch", }, }, { category: "product_version", name: "venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.17.1.noarch", product: { name: "venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.17.1.noarch", product_id: "venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.17.1.noarch", }, }, { category: "product_version", name: "venv-openstack-monasca-x86_64-2.7.1~dev10-3.15.1.noarch", product: { name: "venv-openstack-monasca-x86_64-2.7.1~dev10-3.15.1.noarch", product_id: "venv-openstack-monasca-x86_64-2.7.1~dev10-3.15.1.noarch", }, }, { category: "product_version", name: "venv-openstack-neutron-x86_64-13.0.8~dev28-6.17.1.noarch", product: { name: "venv-openstack-neutron-x86_64-13.0.8~dev28-6.17.1.noarch", product_id: "venv-openstack-neutron-x86_64-13.0.8~dev28-6.17.1.noarch", }, }, { category: "product_version", name: "venv-openstack-nova-x86_64-18.3.1~dev17-3.17.1.noarch", product: { name: "venv-openstack-nova-x86_64-18.3.1~dev17-3.17.1.noarch", product_id: "venv-openstack-nova-x86_64-18.3.1~dev17-3.17.1.noarch", }, }, { category: "product_version", name: "venv-openstack-octavia-x86_64-3.2.3~dev2-4.17.1.noarch", product: { name: "venv-openstack-octavia-x86_64-3.2.3~dev2-4.17.1.noarch", product_id: "venv-openstack-octavia-x86_64-3.2.3~dev2-4.17.1.noarch", }, }, { category: "product_version", name: "venv-openstack-sahara-x86_64-9.0.2~dev15-3.17.1.noarch", product: { name: "venv-openstack-sahara-x86_64-9.0.2~dev15-3.17.1.noarch", product_id: "venv-openstack-sahara-x86_64-9.0.2~dev15-3.17.1.noarch", }, }, { category: "product_version", name: "venv-openstack-swift-x86_64-2.19.2~dev48-2.12.1.noarch", product: { name: "venv-openstack-swift-x86_64-2.19.2~dev48-2.12.1.noarch", product_id: "venv-openstack-swift-x86_64-2.19.2~dev48-2.12.1.noarch", }, }, { category: "product_version", name: "zookeeper-server-3.4.13-3.3.1.noarch", product: { name: "zookeeper-server-3.4.13-3.3.1.noarch", product_id: "zookeeper-server-3.4.13-3.3.1.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "crowbar-core-6.0+git.1587558898.313bb9fd3-3.22.2.ppc64le", product: { name: "crowbar-core-6.0+git.1587558898.313bb9fd3-3.22.2.ppc64le", product_id: "crowbar-core-6.0+git.1587558898.313bb9fd3-3.22.2.ppc64le", }, }, { category: "product_version", name: "crowbar-core-branding-upstream-6.0+git.1587558898.313bb9fd3-3.22.2.ppc64le", product: { name: "crowbar-core-branding-upstream-6.0+git.1587558898.313bb9fd3-3.22.2.ppc64le", product_id: "crowbar-core-branding-upstream-6.0+git.1587558898.313bb9fd3-3.22.2.ppc64le", }, }, { category: "product_version", name: "crowbar-core-devel-6.0+git.1587558898.313bb9fd3-3.22.2.ppc64le", product: { name: "crowbar-core-devel-6.0+git.1587558898.313bb9fd3-3.22.2.ppc64le", product_id: "crowbar-core-devel-6.0+git.1587558898.313bb9fd3-3.22.2.ppc64le", }, }, { category: "product_version", name: "libzookeeper2-3.4.13-3.3.1.ppc64le", product: { name: "libzookeeper2-3.4.13-3.3.1.ppc64le", product_id: "libzookeeper2-3.4.13-3.3.1.ppc64le", }, }, { category: "product_version", name: "libzookeeper2-devel-3.4.13-3.3.1.ppc64le", product: { name: "libzookeeper2-devel-3.4.13-3.3.1.ppc64le", product_id: "libzookeeper2-devel-3.4.13-3.3.1.ppc64le", }, }, { category: "product_version", name: "memcached-1.5.17-3.3.1.ppc64le", product: { name: "memcached-1.5.17-3.3.1.ppc64le", product_id: "memcached-1.5.17-3.3.1.ppc64le", }, }, { category: "product_version", name: "memcached-devel-1.5.17-3.3.1.ppc64le", product: { name: "memcached-devel-1.5.17-3.3.1.ppc64le", product_id: "memcached-devel-1.5.17-3.3.1.ppc64le", }, }, { category: "product_version", name: "ruby2.1-rubygem-crowbar-client-3.9.2-3.6.1.ppc64le", product: { name: "ruby2.1-rubygem-crowbar-client-3.9.2-3.6.1.ppc64le", product_id: "ruby2.1-rubygem-crowbar-client-3.9.2-3.6.1.ppc64le", }, }, { category: "product_version", name: "ruby2.1-rubygem-crowbar-client-doc-3.9.2-3.6.1.ppc64le", product: { name: "ruby2.1-rubygem-crowbar-client-doc-3.9.2-3.6.1.ppc64le", product_id: "ruby2.1-rubygem-crowbar-client-doc-3.9.2-3.6.1.ppc64le", }, }, { category: "product_version", name: "ruby2.1-rubygem-crowbar-client-testsuite-3.9.2-3.6.1.ppc64le", product: { name: "ruby2.1-rubygem-crowbar-client-testsuite-3.9.2-3.6.1.ppc64le", product_id: "ruby2.1-rubygem-crowbar-client-testsuite-3.9.2-3.6.1.ppc64le", }, }, { category: "product_version", name: "ruby2.1-rubygem-puma-2.16.0-4.6.1.ppc64le", product: { name: "ruby2.1-rubygem-puma-2.16.0-4.6.1.ppc64le", product_id: "ruby2.1-rubygem-puma-2.16.0-4.6.1.ppc64le", }, }, { category: "product_version", name: "ruby2.1-rubygem-puma-doc-2.16.0-4.6.1.ppc64le", product: { name: "ruby2.1-rubygem-puma-doc-2.16.0-4.6.1.ppc64le", product_id: "ruby2.1-rubygem-puma-doc-2.16.0-4.6.1.ppc64le", }, }, { category: "product_version", name: "zookeeper-client-3.4.13-3.3.1.ppc64le", product: { name: "zookeeper-client-3.4.13-3.3.1.ppc64le", product_id: "zookeeper-client-3.4.13-3.3.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "crowbar-core-6.0+git.1587558898.313bb9fd3-3.22.2.s390x", product: { name: "crowbar-core-6.0+git.1587558898.313bb9fd3-3.22.2.s390x", product_id: "crowbar-core-6.0+git.1587558898.313bb9fd3-3.22.2.s390x", }, }, { category: "product_version", name: "crowbar-core-branding-upstream-6.0+git.1587558898.313bb9fd3-3.22.2.s390x", product: { name: "crowbar-core-branding-upstream-6.0+git.1587558898.313bb9fd3-3.22.2.s390x", product_id: "crowbar-core-branding-upstream-6.0+git.1587558898.313bb9fd3-3.22.2.s390x", }, }, { category: "product_version", name: "crowbar-core-devel-6.0+git.1587558898.313bb9fd3-3.22.2.s390x", product: { name: "crowbar-core-devel-6.0+git.1587558898.313bb9fd3-3.22.2.s390x", product_id: "crowbar-core-devel-6.0+git.1587558898.313bb9fd3-3.22.2.s390x", }, }, { category: "product_version", name: "libzookeeper2-3.4.13-3.3.1.s390x", product: { name: "libzookeeper2-3.4.13-3.3.1.s390x", product_id: "libzookeeper2-3.4.13-3.3.1.s390x", }, }, { category: "product_version", name: "libzookeeper2-devel-3.4.13-3.3.1.s390x", product: { name: "libzookeeper2-devel-3.4.13-3.3.1.s390x", product_id: "libzookeeper2-devel-3.4.13-3.3.1.s390x", }, }, { category: "product_version", name: "memcached-1.5.17-3.3.1.s390x", product: { name: "memcached-1.5.17-3.3.1.s390x", product_id: "memcached-1.5.17-3.3.1.s390x", }, }, { category: "product_version", name: "memcached-devel-1.5.17-3.3.1.s390x", product: { name: "memcached-devel-1.5.17-3.3.1.s390x", product_id: "memcached-devel-1.5.17-3.3.1.s390x", }, }, { category: "product_version", name: "ruby2.1-rubygem-crowbar-client-3.9.2-3.6.1.s390x", product: { name: "ruby2.1-rubygem-crowbar-client-3.9.2-3.6.1.s390x", product_id: "ruby2.1-rubygem-crowbar-client-3.9.2-3.6.1.s390x", }, }, { category: "product_version", name: "ruby2.1-rubygem-crowbar-client-doc-3.9.2-3.6.1.s390x", product: { name: "ruby2.1-rubygem-crowbar-client-doc-3.9.2-3.6.1.s390x", product_id: "ruby2.1-rubygem-crowbar-client-doc-3.9.2-3.6.1.s390x", }, }, { category: "product_version", name: "ruby2.1-rubygem-crowbar-client-testsuite-3.9.2-3.6.1.s390x", product: { name: "ruby2.1-rubygem-crowbar-client-testsuite-3.9.2-3.6.1.s390x", product_id: "ruby2.1-rubygem-crowbar-client-testsuite-3.9.2-3.6.1.s390x", }, }, { category: "product_version", name: "ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", product: { name: "ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", product_id: "ruby2.1-rubygem-puma-2.16.0-4.6.1.s390x", }, }, { category: "product_version", name: "ruby2.1-rubygem-puma-doc-2.16.0-4.6.1.s390x", product: { name: "ruby2.1-rubygem-puma-doc-2.16.0-4.6.1.s390x", product_id: "ruby2.1-rubygem-puma-doc-2.16.0-4.6.1.s390x", }, }, { category: "product_version", name: "zookeeper-client-3.4.13-3.3.1.s390x", product: { name: "zookeeper-client-3.4.13-3.3.1.s390x", product_id: "zookeeper-client-3.4.13-3.3.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "crowbar-core-6.0+git.1587558898.313bb9fd3-3.22.2.x86_64", product: { name: "crowbar-core-6.0+git.1587558898.313bb9fd3-3.22.2.x86_64", product_id: "crowbar-core-6.0+git.1587558898.313bb9fd3-3.22.2.x86_64", }, }, { category: "product_version", name: "crowbar-core-branding-upstream-6.0+git.1587558898.313bb9fd3-3.22.2.x86_64", product: { name: "crowbar-core-branding-upstream-6.0+git.1587558898.313bb9fd3-3.22.2.x86_64", product_id: "crowbar-core-branding-upstream-6.0+git.1587558898.313bb9fd3-3.22.2.x86_64", }, }, { category: "product_version", name: "crowbar-core-devel-6.0+git.1587558898.313bb9fd3-3.22.2.x86_64", product: { name: "crowbar-core-devel-6.0+git.1587558898.313bb9fd3-3.22.2.x86_64", product_id: "crowbar-core-devel-6.0+git.1587558898.313bb9fd3-3.22.2.x86_64", }, }, { category: "product_version", name: "libzookeeper2-3.4.13-3.3.1.x86_64", product: { name: "libzookeeper2-3.4.13-3.3.1.x86_64", product_id: "libzookeeper2-3.4.13-3.3.1.x86_64", }, }, { category: "product_version", name: "libzookeeper2-devel-3.4.13-3.3.1.x86_64", product: { name: "libzookeeper2-devel-3.4.13-3.3.1.x86_64", product_id: "libzookeeper2-devel-3.4.13-3.3.1.x86_64", }, }, { category: "product_version", name: "memcached-1.5.17-3.3.1.x86_64", product: { name: "memcached-1.5.17-3.3.1.x86_64", product_id: "memcached-1.5.17-3.3.1.x86_64", }, }, { category: "product_version", name: "memcached-devel-1.5.17-3.3.1.x86_64", product: { name: "memcached-devel-1.5.17-3.3.1.x86_64", product_id: "memcached-devel-1.5.17-3.3.1.x86_64", }, }, { category: "product_version", name: "ruby2.1-rubygem-crowbar-client-3.9.2-3.6.1.x86_64", product: { name: "ruby2.1-rubygem-crowbar-client-3.9.2-3.6.1.x86_64", product_id: "ruby2.1-rubygem-crowbar-client-3.9.2-3.6.1.x86_64", }, }, { category: "product_version", name: "ruby2.1-rubygem-crowbar-client-doc-3.9.2-3.6.1.x86_64", product: { name: "ruby2.1-rubygem-crowbar-client-doc-3.9.2-3.6.1.x86_64", product_id: "ruby2.1-rubygem-crowbar-client-doc-3.9.2-3.6.1.x86_64", }, }, { category: "product_version", name: "ruby2.1-rubygem-crowbar-client-testsuite-3.9.2-3.6.1.x86_64", product: { name: "ruby2.1-rubygem-crowbar-client-testsuite-3.9.2-3.6.1.x86_64", product_id: "ruby2.1-rubygem-crowbar-client-testsuite-3.9.2-3.6.1.x86_64", }, }, { category: "product_version", name: "ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", product: { name: "ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", product_id: "ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", }, }, { category: "product_version", name: "ruby2.1-rubygem-puma-doc-2.16.0-4.6.1.x86_64", product: { name: "ruby2.1-rubygem-puma-doc-2.16.0-4.6.1.x86_64", product_id: "ruby2.1-rubygem-puma-doc-2.16.0-4.6.1.x86_64", }, }, { category: "product_version", name: "zookeeper-client-3.4.13-3.3.1.x86_64", product: { name: "zookeeper-client-3.4.13-3.3.1.x86_64", product_id: "zookeeper-client-3.4.13-3.3.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE OpenStack Cloud 9", product: { name: "SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9", product_identification_helper: { cpe: "cpe:/o:suse:suse-openstack-cloud:9", }, }, }, { category: "product_name", name: "SUSE OpenStack Cloud Crowbar 9", product: { name: "SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9", product_identification_helper: { cpe: "cpe:/o:suse:suse-openstack-cloud-crowbar:9", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ardana-ansible-9.0+git.1587034359.a12678b-3.19.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:ardana-ansible-9.0+git.1587034359.a12678b-3.19.1.noarch", }, product_reference: "ardana-ansible-9.0+git.1587034359.a12678b-3.19.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "ardana-barbican-9.0+git.1583953599.cd723bb-3.10.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1583953599.cd723bb-3.10.1.noarch", }, product_reference: "ardana-barbican-9.0+git.1583953599.cd723bb-3.10.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "ardana-cluster-9.0+git.1585653734.c1fe3b2-3.13.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:ardana-cluster-9.0+git.1585653734.c1fe3b2-3.13.1.noarch", }, product_reference: "ardana-cluster-9.0+git.1585653734.c1fe3b2-3.13.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "ardana-db-9.0+git.1586543314.6b6aa20-3.19.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:ardana-db-9.0+git.1586543314.6b6aa20-3.19.1.noarch", }, product_reference: "ardana-db-9.0+git.1586543314.6b6aa20-3.19.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "ardana-designate-9.0+git.1583445435.4bd1793-3.10.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:ardana-designate-9.0+git.1583445435.4bd1793-3.10.1.noarch", }, product_reference: "ardana-designate-9.0+git.1583445435.4bd1793-3.10.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "ardana-input-model-9.0+git.1584632190.9541c56-3.16.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:ardana-input-model-9.0+git.1584632190.9541c56-3.16.1.noarch", }, product_reference: "ardana-input-model-9.0+git.1584632190.9541c56-3.16.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "ardana-logging-9.0+git.1585929695.f35b591-3.10.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:ardana-logging-9.0+git.1585929695.f35b591-3.10.1.noarch", }, product_reference: "ardana-logging-9.0+git.1585929695.f35b591-3.10.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "ardana-monasca-9.0+git.1586769889.d43d736-3.16.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:ardana-monasca-9.0+git.1586769889.d43d736-3.16.1.noarch", }, product_reference: "ardana-monasca-9.0+git.1586769889.d43d736-3.16.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "ardana-mq-9.0+git.1586350749.a463fd2-3.13.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:ardana-mq-9.0+git.1586350749.a463fd2-3.13.1.noarch", }, product_reference: "ardana-mq-9.0+git.1586350749.a463fd2-3.13.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "ardana-neutron-9.0+git.1587667603.507fb50-3.19.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:ardana-neutron-9.0+git.1587667603.507fb50-3.19.1.noarch", }, product_reference: "ardana-neutron-9.0+git.1587667603.507fb50-3.19.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "ardana-octavia-9.0+git.1587486004.8e99c6b-3.16.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:ardana-octavia-9.0+git.1587486004.8e99c6b-3.16.1.noarch", }, product_reference: "ardana-octavia-9.0+git.1587486004.8e99c6b-3.16.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "ardana-osconfig-9.0+git.1586546715.dbd07ab-3.16.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:ardana-osconfig-9.0+git.1586546715.dbd07ab-3.16.1.noarch", }, product_reference: "ardana-osconfig-9.0+git.1586546715.dbd07ab-3.16.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "ardana-tempest-9.0+git.1587398456.b31cc4a-3.13.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:ardana-tempest-9.0+git.1587398456.b31cc4a-3.13.1.noarch", }, product_reference: "ardana-tempest-9.0+git.1587398456.b31cc4a-3.13.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "ardana-tls-9.0+git.1586301209.c9413b4-3.12.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:ardana-tls-9.0+git.1586301209.c9413b4-3.12.1.noarch", }, product_reference: "ardana-tls-9.0+git.1586301209.c9413b4-3.12.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "memcached-1.5.17-3.3.1.x86_64 as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:memcached-1.5.17-3.3.1.x86_64", }, product_reference: "memcached-1.5.17-3.3.1.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "openstack-ceilometer-11.1.1~dev5-3.13.2.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:openstack-ceilometer-11.1.1~dev5-3.13.2.noarch", }, product_reference: "openstack-ceilometer-11.1.1~dev5-3.13.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "openstack-ceilometer-agent-central-11.1.1~dev5-3.13.2.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:openstack-ceilometer-agent-central-11.1.1~dev5-3.13.2.noarch", }, product_reference: "openstack-ceilometer-agent-central-11.1.1~dev5-3.13.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "openstack-ceilometer-agent-compute-11.1.1~dev5-3.13.2.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:openstack-ceilometer-agent-compute-11.1.1~dev5-3.13.2.noarch", }, product_reference: "openstack-ceilometer-agent-compute-11.1.1~dev5-3.13.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "openstack-ceilometer-agent-ipmi-11.1.1~dev5-3.13.2.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:openstack-ceilometer-agent-ipmi-11.1.1~dev5-3.13.2.noarch", }, product_reference: "openstack-ceilometer-agent-ipmi-11.1.1~dev5-3.13.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "openstack-ceilometer-agent-notification-11.1.1~dev5-3.13.2.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:openstack-ceilometer-agent-notification-11.1.1~dev5-3.13.2.noarch", }, product_reference: "openstack-ceilometer-agent-notification-11.1.1~dev5-3.13.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "openstack-ceilometer-polling-11.1.1~dev5-3.13.2.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:openstack-ceilometer-polling-11.1.1~dev5-3.13.2.noarch", }, product_reference: "openstack-ceilometer-polling-11.1.1~dev5-3.13.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "openstack-cinder-13.0.10~dev9-3.19.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev9-3.19.1.noarch", }, product_reference: "openstack-cinder-13.0.10~dev9-3.19.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "openstack-cinder-api-13.0.10~dev9-3.19.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev9-3.19.1.noarch", }, product_reference: "openstack-cinder-api-13.0.10~dev9-3.19.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "openstack-cinder-backup-13.0.10~dev9-3.19.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev9-3.19.1.noarch", }, product_reference: "openstack-cinder-backup-13.0.10~dev9-3.19.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "openstack-cinder-scheduler-13.0.10~dev9-3.19.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev9-3.19.1.noarch", }, product_reference: "openstack-cinder-scheduler-13.0.10~dev9-3.19.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "openstack-cinder-volume-13.0.10~dev9-3.19.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev9-3.19.1.noarch", }, product_reference: "openstack-cinder-volume-13.0.10~dev9-3.19.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "openstack-designate-7.0.1~dev25-3.16.2.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:openstack-designate-7.0.1~dev25-3.16.2.noarch", }, product_reference: "openstack-designate-7.0.1~dev25-3.16.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "openstack-designate-agent-7.0.1~dev25-3.16.2.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:openstack-designate-agent-7.0.1~dev25-3.16.2.noarch", }, product_reference: "openstack-designate-agent-7.0.1~dev25-3.16.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "openstack-designate-api-7.0.1~dev25-3.16.2.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:openstack-designate-api-7.0.1~dev25-3.16.2.noarch", }, product_reference: "openstack-designate-api-7.0.1~dev25-3.16.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "openstack-designate-central-7.0.1~dev25-3.16.2.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:openstack-designate-central-7.0.1~dev25-3.16.2.noarch", }, product_reference: "openstack-designate-central-7.0.1~dev25-3.16.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "openstack-designate-producer-7.0.1~dev25-3.16.2.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:openstack-designate-producer-7.0.1~dev25-3.16.2.noarch", }, product_reference: "openstack-designate-producer-7.0.1~dev25-3.16.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "openstack-designate-sink-7.0.1~dev25-3.16.2.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:openstack-designate-sink-7.0.1~dev25-3.16.2.noarch", }, product_reference: "openstack-designate-sink-7.0.1~dev25-3.16.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "openstack-designate-worker-7.0.1~dev25-3.16.2.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:openstack-designate-worker-7.0.1~dev25-3.16.2.noarch", }, product_reference: "openstack-designate-worker-7.0.1~dev25-3.16.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "openstack-heat-11.0.3~dev35-3.16.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:openstack-heat-11.0.3~dev35-3.16.1.noarch", }, product_reference: "openstack-heat-11.0.3~dev35-3.16.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "openstack-heat-api-11.0.3~dev35-3.16.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:openstack-heat-api-11.0.3~dev35-3.16.1.noarch", }, product_reference: "openstack-heat-api-11.0.3~dev35-3.16.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "openstack-heat-api-cfn-11.0.3~dev35-3.16.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:openstack-heat-api-cfn-11.0.3~dev35-3.16.1.noarch", }, product_reference: "openstack-heat-api-cfn-11.0.3~dev35-3.16.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "openstack-heat-engine-11.0.3~dev35-3.16.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:openstack-heat-engine-11.0.3~dev35-3.16.1.noarch", }, product_reference: "openstack-heat-engine-11.0.3~dev35-3.16.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "openstack-heat-plugin-heat_docker-11.0.3~dev35-3.16.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:openstack-heat-plugin-heat_docker-11.0.3~dev35-3.16.1.noarch", }, product_reference: "openstack-heat-plugin-heat_docker-11.0.3~dev35-3.16.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "openstack-ironic-11.1.5~dev3-3.16.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev3-3.16.1.noarch", }, product_reference: "openstack-ironic-11.1.5~dev3-3.16.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "openstack-ironic-api-11.1.5~dev3-3.16.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev3-3.16.1.noarch", }, product_reference: "openstack-ironic-api-11.1.5~dev3-3.16.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "openstack-ironic-conductor-11.1.5~dev3-3.16.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev3-3.16.1.noarch", }, product_reference: "openstack-ironic-conductor-11.1.5~dev3-3.16.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "openstack-ironic-image-x86_64-9.0.0-3.6.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:openstack-ironic-image-x86_64-9.0.0-3.6.1.noarch", }, product_reference: "openstack-ironic-image-x86_64-9.0.0-3.6.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "openstack-manila-7.4.2~dev4-4.21.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:openstack-manila-7.4.2~dev4-4.21.1.noarch", }, product_reference: "openstack-manila-7.4.2~dev4-4.21.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "openstack-manila-api-7.4.2~dev4-4.21.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:openstack-manila-api-7.4.2~dev4-4.21.1.noarch", }, product_reference: "openstack-manila-api-7.4.2~dev4-4.21.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "openstack-manila-data-7.4.2~dev4-4.21.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:openstack-manila-data-7.4.2~dev4-4.21.1.noarch", }, product_reference: "openstack-manila-data-7.4.2~dev4-4.21.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "openstack-manila-scheduler-7.4.2~dev4-4.21.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:openstack-manila-scheduler-7.4.2~dev4-4.21.1.noarch", }, product_reference: "openstack-manila-scheduler-7.4.2~dev4-4.21.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "openstack-manila-share-7.4.2~dev4-4.21.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:openstack-manila-share-7.4.2~dev4-4.21.1.noarch", }, product_reference: "openstack-manila-share-7.4.2~dev4-4.21.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-13.0.8~dev28-3.22.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev28-3.22.1.noarch", }, product_reference: "openstack-neutron-13.0.8~dev28-3.22.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-dhcp-agent-13.0.8~dev28-3.22.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev28-3.22.1.noarch", }, product_reference: "openstack-neutron-dhcp-agent-13.0.8~dev28-3.22.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-ha-tool-13.0.8~dev28-3.22.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev28-3.22.1.noarch", }, product_reference: "openstack-neutron-ha-tool-13.0.8~dev28-3.22.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-l3-agent-13.0.8~dev28-3.22.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev28-3.22.1.noarch", }, product_reference: "openstack-neutron-l3-agent-13.0.8~dev28-3.22.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-linuxbridge-agent-13.0.8~dev28-3.22.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev28-3.22.1.noarch", }, product_reference: "openstack-neutron-linuxbridge-agent-13.0.8~dev28-3.22.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-macvtap-agent-13.0.8~dev28-3.22.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev28-3.22.1.noarch", }, product_reference: "openstack-neutron-macvtap-agent-13.0.8~dev28-3.22.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-metadata-agent-13.0.8~dev28-3.22.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev28-3.22.1.noarch", }, product_reference: "openstack-neutron-metadata-agent-13.0.8~dev28-3.22.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-metering-agent-13.0.8~dev28-3.22.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev28-3.22.1.noarch", }, product_reference: "openstack-neutron-metering-agent-13.0.8~dev28-3.22.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-openvswitch-agent-13.0.8~dev28-3.22.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev28-3.22.1.noarch", }, product_reference: "openstack-neutron-openvswitch-agent-13.0.8~dev28-3.22.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-server-13.0.8~dev28-3.22.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev28-3.22.1.noarch", }, product_reference: "openstack-neutron-server-13.0.8~dev28-3.22.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-18.3.1~dev17-3.22.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:openstack-nova-18.3.1~dev17-3.22.1.noarch", }, product_reference: "openstack-nova-18.3.1~dev17-3.22.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-api-18.3.1~dev17-3.22.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:openstack-nova-api-18.3.1~dev17-3.22.1.noarch", }, product_reference: "openstack-nova-api-18.3.1~dev17-3.22.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-cells-18.3.1~dev17-3.22.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:openstack-nova-cells-18.3.1~dev17-3.22.1.noarch", }, product_reference: "openstack-nova-cells-18.3.1~dev17-3.22.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-compute-18.3.1~dev17-3.22.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:openstack-nova-compute-18.3.1~dev17-3.22.1.noarch", }, product_reference: "openstack-nova-compute-18.3.1~dev17-3.22.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-conductor-18.3.1~dev17-3.22.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:openstack-nova-conductor-18.3.1~dev17-3.22.1.noarch", }, product_reference: "openstack-nova-conductor-18.3.1~dev17-3.22.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-console-18.3.1~dev17-3.22.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:openstack-nova-console-18.3.1~dev17-3.22.1.noarch", }, product_reference: "openstack-nova-console-18.3.1~dev17-3.22.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-novncproxy-18.3.1~dev17-3.22.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:openstack-nova-novncproxy-18.3.1~dev17-3.22.1.noarch", }, product_reference: "openstack-nova-novncproxy-18.3.1~dev17-3.22.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-placement-api-18.3.1~dev17-3.22.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:openstack-nova-placement-api-18.3.1~dev17-3.22.1.noarch", }, product_reference: "openstack-nova-placement-api-18.3.1~dev17-3.22.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-scheduler-18.3.1~dev17-3.22.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:openstack-nova-scheduler-18.3.1~dev17-3.22.1.noarch", }, product_reference: "openstack-nova-scheduler-18.3.1~dev17-3.22.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-serialproxy-18.3.1~dev17-3.22.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:openstack-nova-serialproxy-18.3.1~dev17-3.22.1.noarch", }, product_reference: "openstack-nova-serialproxy-18.3.1~dev17-3.22.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-vncproxy-18.3.1~dev17-3.22.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:openstack-nova-vncproxy-18.3.1~dev17-3.22.1.noarch", }, product_reference: "openstack-nova-vncproxy-18.3.1~dev17-3.22.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "openstack-octavia-3.2.3~dev2-3.22.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:openstack-octavia-3.2.3~dev2-3.22.1.noarch", }, product_reference: "openstack-octavia-3.2.3~dev2-3.22.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "openstack-octavia-amphora-agent-3.2.3~dev2-3.22.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:openstack-octavia-amphora-agent-3.2.3~dev2-3.22.1.noarch", }, product_reference: "openstack-octavia-amphora-agent-3.2.3~dev2-3.22.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "openstack-octavia-amphora-image-x86_64-0.1.3-7.9.2.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:openstack-octavia-amphora-image-x86_64-0.1.3-7.9.2.noarch", }, product_reference: "openstack-octavia-amphora-image-x86_64-0.1.3-7.9.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "openstack-octavia-api-3.2.3~dev2-3.22.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:openstack-octavia-api-3.2.3~dev2-3.22.1.noarch", }, product_reference: "openstack-octavia-api-3.2.3~dev2-3.22.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "openstack-octavia-health-manager-3.2.3~dev2-3.22.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:openstack-octavia-health-manager-3.2.3~dev2-3.22.1.noarch", }, product_reference: "openstack-octavia-health-manager-3.2.3~dev2-3.22.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "openstack-octavia-housekeeping-3.2.3~dev2-3.22.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:openstack-octavia-housekeeping-3.2.3~dev2-3.22.1.noarch", }, product_reference: "openstack-octavia-housekeeping-3.2.3~dev2-3.22.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "openstack-octavia-worker-3.2.3~dev2-3.22.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:openstack-octavia-worker-3.2.3~dev2-3.22.1.noarch", }, product_reference: "openstack-octavia-worker-3.2.3~dev2-3.22.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "python-ceilometer-11.1.1~dev5-3.13.2.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:python-ceilometer-11.1.1~dev5-3.13.2.noarch", }, product_reference: "python-ceilometer-11.1.1~dev5-3.13.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "python-cinder-13.0.10~dev9-3.19.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev9-3.19.1.noarch", }, product_reference: "python-cinder-13.0.10~dev9-3.19.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "python-cinderclient-4.0.3-3.6.2.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:python-cinderclient-4.0.3-3.6.2.noarch", }, product_reference: "python-cinderclient-4.0.3-3.6.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "python-cinderclient-doc-4.0.3-3.6.2.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:python-cinderclient-doc-4.0.3-3.6.2.noarch", }, product_reference: "python-cinderclient-doc-4.0.3-3.6.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "python-designate-7.0.1~dev25-3.16.2.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:python-designate-7.0.1~dev25-3.16.2.noarch", }, product_reference: "python-designate-7.0.1~dev25-3.16.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "python-glanceclient-2.13.2-3.3.2.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:python-glanceclient-2.13.2-3.3.2.noarch", }, product_reference: "python-glanceclient-2.13.2-3.3.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "python-glanceclient-doc-2.13.2-3.3.2.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:python-glanceclient-doc-2.13.2-3.3.2.noarch", }, product_reference: "python-glanceclient-doc-2.13.2-3.3.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "python-heat-11.0.3~dev35-3.16.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:python-heat-11.0.3~dev35-3.16.1.noarch", }, product_reference: "python-heat-11.0.3~dev35-3.16.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "python-ironic-11.1.5~dev3-3.16.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev3-3.16.1.noarch", }, product_reference: "python-ironic-11.1.5~dev3-3.16.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "python-ironic-lib-2.14.3-3.6.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:python-ironic-lib-2.14.3-3.6.1.noarch", }, product_reference: "python-ironic-lib-2.14.3-3.6.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "python-ironicclient-2.5.4-4.10.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:python-ironicclient-2.5.4-4.10.1.noarch", }, product_reference: "python-ironicclient-2.5.4-4.10.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "python-ironicclient-doc-2.5.4-4.10.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:python-ironicclient-doc-2.5.4-4.10.1.noarch", }, product_reference: "python-ironicclient-doc-2.5.4-4.10.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "python-keystonemiddleware-5.2.2-17.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:python-keystonemiddleware-5.2.2-17.1.noarch", }, product_reference: "python-keystonemiddleware-5.2.2-17.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "python-manila-7.4.2~dev4-4.21.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:python-manila-7.4.2~dev4-4.21.1.noarch", }, product_reference: "python-manila-7.4.2~dev4-4.21.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "python-manila-tempest-plugin-0.1.0-3.6.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:python-manila-tempest-plugin-0.1.0-3.6.1.noarch", }, product_reference: "python-manila-tempest-plugin-0.1.0-3.6.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "python-neutron-13.0.8~dev28-3.22.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev28-3.22.1.noarch", }, product_reference: "python-neutron-13.0.8~dev28-3.22.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "python-nova-18.3.1~dev17-3.22.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:python-nova-18.3.1~dev17-3.22.1.noarch", }, product_reference: "python-nova-18.3.1~dev17-3.22.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "python-novaclient-11.0.1-3.3.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:python-novaclient-11.0.1-3.3.1.noarch", }, product_reference: "python-novaclient-11.0.1-3.3.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "python-novaclient-doc-11.0.1-3.3.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:python-novaclient-doc-11.0.1-3.3.1.noarch", }, product_reference: "python-novaclient-doc-11.0.1-3.3.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "python-octavia-3.2.3~dev2-3.22.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:python-octavia-3.2.3~dev2-3.22.1.noarch", }, product_reference: "python-octavia-3.2.3~dev2-3.22.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "python-octaviaclient-1.6.2-3.6.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:python-octaviaclient-1.6.2-3.6.1.noarch", }, product_reference: "python-octaviaclient-1.6.2-3.6.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "python-openstackclient-3.16.3-11.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:python-openstackclient-3.16.3-11.1.noarch", }, product_reference: "python-openstackclient-3.16.3-11.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "python-os-brick-2.5.10-3.9.2.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:python-os-brick-2.5.10-3.9.2.noarch", }, product_reference: "python-os-brick-2.5.10-3.9.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "python-os-brick-common-2.5.10-3.9.2.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:python-os-brick-common-2.5.10-3.9.2.noarch", }, product_reference: "python-os-brick-common-2.5.10-3.9.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "python-oslo.config-6.4.2-3.3.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:python-oslo.config-6.4.2-3.3.1.noarch", }, product_reference: "python-oslo.config-6.4.2-3.3.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "python-oslo.config-doc-6.4.2-3.3.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:python-oslo.config-doc-6.4.2-3.3.1.noarch", }, product_reference: "python-oslo.config-doc-6.4.2-3.3.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "python-oslo.rootwrap-5.14.2-3.3.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:python-oslo.rootwrap-5.14.2-3.3.1.noarch", }, product_reference: "python-oslo.rootwrap-5.14.2-3.3.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "python-oslo.utils-3.36.5-3.3.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:python-oslo.utils-3.36.5-3.3.1.noarch", }, product_reference: "python-oslo.utils-3.36.5-3.3.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "python-swiftclient-3.6.1-3.3.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:python-swiftclient-3.6.1-3.3.1.noarch", }, product_reference: "python-swiftclient-3.6.1-3.3.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "python-swiftclient-doc-3.6.1-3.3.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:python-swiftclient-doc-3.6.1-3.3.1.noarch", }, product_reference: "python-swiftclient-doc-3.6.1-3.3.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "python-watcherclient-2.1.1-3.3.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:python-watcherclient-2.1.1-3.3.1.noarch", }, product_reference: "python-watcherclient-2.1.1-3.3.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "release-notes-suse-openstack-cloud-9.20200319-3.18.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20200319-3.18.1.noarch", }, product_reference: "release-notes-suse-openstack-cloud-9.20200319-3.18.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-barbican-x86_64-7.0.1~dev24-3.17.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.17.1.noarch", }, product_reference: "venv-openstack-barbican-x86_64-7.0.1~dev24-3.17.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-cinder-x86_64-13.0.10~dev9-3.17.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev9-3.17.1.noarch", }, product_reference: "venv-openstack-cinder-x86_64-13.0.10~dev9-3.17.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-designate-x86_64-7.0.1~dev25-3.17.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.1~dev25-3.17.1.noarch", }, product_reference: "venv-openstack-designate-x86_64-7.0.1~dev25-3.17.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-glance-x86_64-17.0.1~dev30-3.15.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.15.1.noarch", }, product_reference: "venv-openstack-glance-x86_64-17.0.1~dev30-3.15.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-heat-x86_64-11.0.3~dev35-3.17.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.3~dev35-3.17.1.noarch", }, product_reference: "venv-openstack-heat-x86_64-11.0.3~dev35-3.17.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-horizon-x86_64-14.1.1~dev1-4.16.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev1-4.16.1.noarch", }, product_reference: "venv-openstack-horizon-x86_64-14.1.1~dev1-4.16.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-ironic-x86_64-11.1.5~dev3-4.13.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev3-4.13.1.noarch", }, product_reference: "venv-openstack-ironic-x86_64-11.1.5~dev3-4.13.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-keystone-x86_64-14.1.1~dev36-3.17.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.1.1~dev36-3.17.1.noarch", }, product_reference: "venv-openstack-keystone-x86_64-14.1.1~dev36-3.17.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-magnum-x86_64-7.2.1~dev1-4.17.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.17.1.noarch", }, product_reference: "venv-openstack-magnum-x86_64-7.2.1~dev1-4.17.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-manila-x86_64-7.4.2~dev4-3.19.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev4-3.19.1.noarch", }, product_reference: "venv-openstack-manila-x86_64-7.4.2~dev4-3.19.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.17.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.17.1.noarch", }, product_reference: "venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.17.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-monasca-x86_64-2.7.1~dev10-3.15.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.15.1.noarch", }, product_reference: "venv-openstack-monasca-x86_64-2.7.1~dev10-3.15.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-neutron-x86_64-13.0.8~dev28-6.17.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev28-6.17.1.noarch", }, product_reference: "venv-openstack-neutron-x86_64-13.0.8~dev28-6.17.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-nova-x86_64-18.3.1~dev17-3.17.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev17-3.17.1.noarch", }, product_reference: "venv-openstack-nova-x86_64-18.3.1~dev17-3.17.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-octavia-x86_64-3.2.3~dev2-4.17.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev2-4.17.1.noarch", }, product_reference: "venv-openstack-octavia-x86_64-3.2.3~dev2-4.17.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-sahara-x86_64-9.0.2~dev15-3.17.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.17.1.noarch", }, product_reference: "venv-openstack-sahara-x86_64-9.0.2~dev15-3.17.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "venv-openstack-swift-x86_64-2.19.2~dev48-2.12.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.12.1.noarch", }, product_reference: "venv-openstack-swift-x86_64-2.19.2~dev48-2.12.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "zookeeper-server-3.4.13-3.3.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:zookeeper-server-3.4.13-3.3.1.noarch", }, product_reference: "zookeeper-server-3.4.13-3.3.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "crowbar-core-6.0+git.1587558898.313bb9fd3-3.22.2.x86_64 as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:crowbar-core-6.0+git.1587558898.313bb9fd3-3.22.2.x86_64", }, product_reference: "crowbar-core-6.0+git.1587558898.313bb9fd3-3.22.2.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "crowbar-core-branding-upstream-6.0+git.1587558898.313bb9fd3-3.22.2.x86_64 as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:crowbar-core-branding-upstream-6.0+git.1587558898.313bb9fd3-3.22.2.x86_64", }, product_reference: "crowbar-core-branding-upstream-6.0+git.1587558898.313bb9fd3-3.22.2.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "crowbar-ha-6.0+git.1586256059.e6f67e1-3.16.1.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:crowbar-ha-6.0+git.1586256059.e6f67e1-3.16.1.noarch", }, product_reference: "crowbar-ha-6.0+git.1586256059.e6f67e1-3.16.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "crowbar-openstack-6.0+git.1587753188.da39e44a7-3.22.1.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:crowbar-openstack-6.0+git.1587753188.da39e44a7-3.22.1.noarch", }, product_reference: "crowbar-openstack-6.0+git.1587753188.da39e44a7-3.22.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "memcached-1.5.17-3.3.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:memcached-1.5.17-3.3.1.x86_64", }, product_reference: "memcached-1.5.17-3.3.1.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "openstack-ceilometer-11.1.1~dev5-3.13.2.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-11.1.1~dev5-3.13.2.noarch", }, product_reference: "openstack-ceilometer-11.1.1~dev5-3.13.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "openstack-ceilometer-agent-central-11.1.1~dev5-3.13.2.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-agent-central-11.1.1~dev5-3.13.2.noarch", }, product_reference: "openstack-ceilometer-agent-central-11.1.1~dev5-3.13.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "openstack-ceilometer-agent-compute-11.1.1~dev5-3.13.2.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-agent-compute-11.1.1~dev5-3.13.2.noarch", }, product_reference: "openstack-ceilometer-agent-compute-11.1.1~dev5-3.13.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "openstack-ceilometer-agent-ipmi-11.1.1~dev5-3.13.2.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-agent-ipmi-11.1.1~dev5-3.13.2.noarch", }, product_reference: "openstack-ceilometer-agent-ipmi-11.1.1~dev5-3.13.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "openstack-ceilometer-agent-notification-11.1.1~dev5-3.13.2.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-agent-notification-11.1.1~dev5-3.13.2.noarch", }, product_reference: "openstack-ceilometer-agent-notification-11.1.1~dev5-3.13.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "openstack-ceilometer-polling-11.1.1~dev5-3.13.2.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-polling-11.1.1~dev5-3.13.2.noarch", }, product_reference: "openstack-ceilometer-polling-11.1.1~dev5-3.13.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "openstack-cinder-13.0.10~dev9-3.19.1.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev9-3.19.1.noarch", }, product_reference: "openstack-cinder-13.0.10~dev9-3.19.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "openstack-cinder-api-13.0.10~dev9-3.19.1.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev9-3.19.1.noarch", }, product_reference: "openstack-cinder-api-13.0.10~dev9-3.19.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "openstack-cinder-backup-13.0.10~dev9-3.19.1.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev9-3.19.1.noarch", }, product_reference: "openstack-cinder-backup-13.0.10~dev9-3.19.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "openstack-cinder-scheduler-13.0.10~dev9-3.19.1.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev9-3.19.1.noarch", }, product_reference: "openstack-cinder-scheduler-13.0.10~dev9-3.19.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "openstack-cinder-volume-13.0.10~dev9-3.19.1.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev9-3.19.1.noarch", }, product_reference: "openstack-cinder-volume-13.0.10~dev9-3.19.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "openstack-designate-7.0.1~dev25-3.16.2.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:openstack-designate-7.0.1~dev25-3.16.2.noarch", }, product_reference: "openstack-designate-7.0.1~dev25-3.16.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "openstack-designate-agent-7.0.1~dev25-3.16.2.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:openstack-designate-agent-7.0.1~dev25-3.16.2.noarch", }, product_reference: "openstack-designate-agent-7.0.1~dev25-3.16.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "openstack-designate-api-7.0.1~dev25-3.16.2.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:openstack-designate-api-7.0.1~dev25-3.16.2.noarch", }, product_reference: "openstack-designate-api-7.0.1~dev25-3.16.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "openstack-designate-central-7.0.1~dev25-3.16.2.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:openstack-designate-central-7.0.1~dev25-3.16.2.noarch", }, product_reference: "openstack-designate-central-7.0.1~dev25-3.16.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "openstack-designate-producer-7.0.1~dev25-3.16.2.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:openstack-designate-producer-7.0.1~dev25-3.16.2.noarch", }, product_reference: "openstack-designate-producer-7.0.1~dev25-3.16.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "openstack-designate-sink-7.0.1~dev25-3.16.2.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:openstack-designate-sink-7.0.1~dev25-3.16.2.noarch", }, product_reference: "openstack-designate-sink-7.0.1~dev25-3.16.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "openstack-designate-worker-7.0.1~dev25-3.16.2.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:openstack-designate-worker-7.0.1~dev25-3.16.2.noarch", }, product_reference: "openstack-designate-worker-7.0.1~dev25-3.16.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "openstack-heat-11.0.3~dev35-3.16.1.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:openstack-heat-11.0.3~dev35-3.16.1.noarch", }, product_reference: "openstack-heat-11.0.3~dev35-3.16.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "openstack-heat-api-11.0.3~dev35-3.16.1.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:openstack-heat-api-11.0.3~dev35-3.16.1.noarch", }, product_reference: "openstack-heat-api-11.0.3~dev35-3.16.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "openstack-heat-api-cfn-11.0.3~dev35-3.16.1.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:openstack-heat-api-cfn-11.0.3~dev35-3.16.1.noarch", }, product_reference: "openstack-heat-api-cfn-11.0.3~dev35-3.16.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "openstack-heat-engine-11.0.3~dev35-3.16.1.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:openstack-heat-engine-11.0.3~dev35-3.16.1.noarch", }, product_reference: "openstack-heat-engine-11.0.3~dev35-3.16.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "openstack-heat-plugin-heat_docker-11.0.3~dev35-3.16.1.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:openstack-heat-plugin-heat_docker-11.0.3~dev35-3.16.1.noarch", }, product_reference: "openstack-heat-plugin-heat_docker-11.0.3~dev35-3.16.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "openstack-ironic-11.1.5~dev3-3.16.1.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev3-3.16.1.noarch", }, product_reference: "openstack-ironic-11.1.5~dev3-3.16.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "openstack-ironic-api-11.1.5~dev3-3.16.1.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev3-3.16.1.noarch", }, product_reference: "openstack-ironic-api-11.1.5~dev3-3.16.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "openstack-ironic-conductor-11.1.5~dev3-3.16.1.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev3-3.16.1.noarch", }, product_reference: "openstack-ironic-conductor-11.1.5~dev3-3.16.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "openstack-ironic-image-x86_64-9.0.0-3.6.1.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-image-x86_64-9.0.0-3.6.1.noarch", }, product_reference: "openstack-ironic-image-x86_64-9.0.0-3.6.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "openstack-manila-7.4.2~dev4-4.21.1.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:openstack-manila-7.4.2~dev4-4.21.1.noarch", }, product_reference: "openstack-manila-7.4.2~dev4-4.21.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "openstack-manila-api-7.4.2~dev4-4.21.1.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:openstack-manila-api-7.4.2~dev4-4.21.1.noarch", }, product_reference: "openstack-manila-api-7.4.2~dev4-4.21.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "openstack-manila-data-7.4.2~dev4-4.21.1.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:openstack-manila-data-7.4.2~dev4-4.21.1.noarch", }, product_reference: "openstack-manila-data-7.4.2~dev4-4.21.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "openstack-manila-scheduler-7.4.2~dev4-4.21.1.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:openstack-manila-scheduler-7.4.2~dev4-4.21.1.noarch", }, product_reference: "openstack-manila-scheduler-7.4.2~dev4-4.21.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "openstack-manila-share-7.4.2~dev4-4.21.1.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:openstack-manila-share-7.4.2~dev4-4.21.1.noarch", }, product_reference: "openstack-manila-share-7.4.2~dev4-4.21.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-13.0.8~dev28-3.22.1.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev28-3.22.1.noarch", }, product_reference: "openstack-neutron-13.0.8~dev28-3.22.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-dhcp-agent-13.0.8~dev28-3.22.1.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev28-3.22.1.noarch", }, product_reference: "openstack-neutron-dhcp-agent-13.0.8~dev28-3.22.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-ha-tool-13.0.8~dev28-3.22.1.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev28-3.22.1.noarch", }, product_reference: "openstack-neutron-ha-tool-13.0.8~dev28-3.22.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-l3-agent-13.0.8~dev28-3.22.1.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev28-3.22.1.noarch", }, product_reference: "openstack-neutron-l3-agent-13.0.8~dev28-3.22.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-linuxbridge-agent-13.0.8~dev28-3.22.1.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev28-3.22.1.noarch", }, product_reference: "openstack-neutron-linuxbridge-agent-13.0.8~dev28-3.22.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-macvtap-agent-13.0.8~dev28-3.22.1.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev28-3.22.1.noarch", }, product_reference: "openstack-neutron-macvtap-agent-13.0.8~dev28-3.22.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-metadata-agent-13.0.8~dev28-3.22.1.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev28-3.22.1.noarch", }, product_reference: "openstack-neutron-metadata-agent-13.0.8~dev28-3.22.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-metering-agent-13.0.8~dev28-3.22.1.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev28-3.22.1.noarch", }, product_reference: "openstack-neutron-metering-agent-13.0.8~dev28-3.22.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-openvswitch-agent-13.0.8~dev28-3.22.1.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev28-3.22.1.noarch", }, product_reference: "openstack-neutron-openvswitch-agent-13.0.8~dev28-3.22.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "openstack-neutron-server-13.0.8~dev28-3.22.1.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev28-3.22.1.noarch", }, product_reference: "openstack-neutron-server-13.0.8~dev28-3.22.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-18.3.1~dev17-3.22.1.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:openstack-nova-18.3.1~dev17-3.22.1.noarch", }, product_reference: "openstack-nova-18.3.1~dev17-3.22.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-api-18.3.1~dev17-3.22.1.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:openstack-nova-api-18.3.1~dev17-3.22.1.noarch", }, product_reference: "openstack-nova-api-18.3.1~dev17-3.22.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-cells-18.3.1~dev17-3.22.1.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:openstack-nova-cells-18.3.1~dev17-3.22.1.noarch", }, product_reference: "openstack-nova-cells-18.3.1~dev17-3.22.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-compute-18.3.1~dev17-3.22.1.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:openstack-nova-compute-18.3.1~dev17-3.22.1.noarch", }, product_reference: "openstack-nova-compute-18.3.1~dev17-3.22.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-conductor-18.3.1~dev17-3.22.1.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:openstack-nova-conductor-18.3.1~dev17-3.22.1.noarch", }, product_reference: "openstack-nova-conductor-18.3.1~dev17-3.22.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-console-18.3.1~dev17-3.22.1.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:openstack-nova-console-18.3.1~dev17-3.22.1.noarch", }, product_reference: "openstack-nova-console-18.3.1~dev17-3.22.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-novncproxy-18.3.1~dev17-3.22.1.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:openstack-nova-novncproxy-18.3.1~dev17-3.22.1.noarch", }, product_reference: "openstack-nova-novncproxy-18.3.1~dev17-3.22.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-placement-api-18.3.1~dev17-3.22.1.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:openstack-nova-placement-api-18.3.1~dev17-3.22.1.noarch", }, product_reference: "openstack-nova-placement-api-18.3.1~dev17-3.22.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-scheduler-18.3.1~dev17-3.22.1.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:openstack-nova-scheduler-18.3.1~dev17-3.22.1.noarch", }, product_reference: "openstack-nova-scheduler-18.3.1~dev17-3.22.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-serialproxy-18.3.1~dev17-3.22.1.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:openstack-nova-serialproxy-18.3.1~dev17-3.22.1.noarch", }, product_reference: "openstack-nova-serialproxy-18.3.1~dev17-3.22.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "openstack-nova-vncproxy-18.3.1~dev17-3.22.1.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:openstack-nova-vncproxy-18.3.1~dev17-3.22.1.noarch", }, product_reference: "openstack-nova-vncproxy-18.3.1~dev17-3.22.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "openstack-octavia-3.2.3~dev2-3.22.1.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-3.2.3~dev2-3.22.1.noarch", }, product_reference: "openstack-octavia-3.2.3~dev2-3.22.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "openstack-octavia-amphora-agent-3.2.3~dev2-3.22.1.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-amphora-agent-3.2.3~dev2-3.22.1.noarch", }, product_reference: "openstack-octavia-amphora-agent-3.2.3~dev2-3.22.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "openstack-octavia-amphora-image-x86_64-0.1.3-7.9.2.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-amphora-image-x86_64-0.1.3-7.9.2.noarch", }, product_reference: "openstack-octavia-amphora-image-x86_64-0.1.3-7.9.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "openstack-octavia-api-3.2.3~dev2-3.22.1.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-api-3.2.3~dev2-3.22.1.noarch", }, product_reference: "openstack-octavia-api-3.2.3~dev2-3.22.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "openstack-octavia-health-manager-3.2.3~dev2-3.22.1.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-health-manager-3.2.3~dev2-3.22.1.noarch", }, product_reference: "openstack-octavia-health-manager-3.2.3~dev2-3.22.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "openstack-octavia-housekeeping-3.2.3~dev2-3.22.1.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-housekeeping-3.2.3~dev2-3.22.1.noarch", }, product_reference: "openstack-octavia-housekeeping-3.2.3~dev2-3.22.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "openstack-octavia-worker-3.2.3~dev2-3.22.1.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-worker-3.2.3~dev2-3.22.1.noarch", }, product_reference: "openstack-octavia-worker-3.2.3~dev2-3.22.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "python-ceilometer-11.1.1~dev5-3.13.2.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:python-ceilometer-11.1.1~dev5-3.13.2.noarch", }, product_reference: "python-ceilometer-11.1.1~dev5-3.13.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "python-cinder-13.0.10~dev9-3.19.1.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev9-3.19.1.noarch", }, product_reference: "python-cinder-13.0.10~dev9-3.19.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "python-cinderclient-4.0.3-3.6.2.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:python-cinderclient-4.0.3-3.6.2.noarch", }, product_reference: "python-cinderclient-4.0.3-3.6.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "python-cinderclient-doc-4.0.3-3.6.2.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:python-cinderclient-doc-4.0.3-3.6.2.noarch", }, product_reference: "python-cinderclient-doc-4.0.3-3.6.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "python-designate-7.0.1~dev25-3.16.2.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:python-designate-7.0.1~dev25-3.16.2.noarch", }, product_reference: "python-designate-7.0.1~dev25-3.16.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "python-glanceclient-2.13.2-3.3.2.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:python-glanceclient-2.13.2-3.3.2.noarch", }, product_reference: "python-glanceclient-2.13.2-3.3.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "python-glanceclient-doc-2.13.2-3.3.2.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:python-glanceclient-doc-2.13.2-3.3.2.noarch", }, product_reference: "python-glanceclient-doc-2.13.2-3.3.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "python-heat-11.0.3~dev35-3.16.1.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:python-heat-11.0.3~dev35-3.16.1.noarch", }, product_reference: "python-heat-11.0.3~dev35-3.16.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "python-ironic-11.1.5~dev3-3.16.1.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev3-3.16.1.noarch", }, product_reference: "python-ironic-11.1.5~dev3-3.16.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "python-ironic-lib-2.14.3-3.6.1.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:python-ironic-lib-2.14.3-3.6.1.noarch", }, product_reference: "python-ironic-lib-2.14.3-3.6.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "python-ironicclient-2.5.4-4.10.1.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:python-ironicclient-2.5.4-4.10.1.noarch", }, product_reference: "python-ironicclient-2.5.4-4.10.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "python-ironicclient-doc-2.5.4-4.10.1.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:python-ironicclient-doc-2.5.4-4.10.1.noarch", }, product_reference: "python-ironicclient-doc-2.5.4-4.10.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "python-keystonemiddleware-5.2.2-17.1.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:python-keystonemiddleware-5.2.2-17.1.noarch", }, product_reference: "python-keystonemiddleware-5.2.2-17.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "python-manila-7.4.2~dev4-4.21.1.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:python-manila-7.4.2~dev4-4.21.1.noarch", }, product_reference: "python-manila-7.4.2~dev4-4.21.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "python-manila-tempest-plugin-0.1.0-3.6.1.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:python-manila-tempest-plugin-0.1.0-3.6.1.noarch", }, product_reference: "python-manila-tempest-plugin-0.1.0-3.6.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "python-neutron-13.0.8~dev28-3.22.1.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev28-3.22.1.noarch", }, product_reference: "python-neutron-13.0.8~dev28-3.22.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "python-nova-18.3.1~dev17-3.22.1.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:python-nova-18.3.1~dev17-3.22.1.noarch", }, product_reference: "python-nova-18.3.1~dev17-3.22.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "python-novaclient-11.0.1-3.3.1.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:python-novaclient-11.0.1-3.3.1.noarch", }, product_reference: "python-novaclient-11.0.1-3.3.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "python-novaclient-doc-11.0.1-3.3.1.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:python-novaclient-doc-11.0.1-3.3.1.noarch", }, product_reference: "python-novaclient-doc-11.0.1-3.3.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "python-octavia-3.2.3~dev2-3.22.1.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:python-octavia-3.2.3~dev2-3.22.1.noarch", }, product_reference: "python-octavia-3.2.3~dev2-3.22.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "python-octaviaclient-1.6.2-3.6.1.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:python-octaviaclient-1.6.2-3.6.1.noarch", }, product_reference: "python-octaviaclient-1.6.2-3.6.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "python-openstackclient-3.16.3-11.1.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:python-openstackclient-3.16.3-11.1.noarch", }, product_reference: "python-openstackclient-3.16.3-11.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "python-os-brick-2.5.10-3.9.2.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:python-os-brick-2.5.10-3.9.2.noarch", }, product_reference: "python-os-brick-2.5.10-3.9.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "python-os-brick-common-2.5.10-3.9.2.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:python-os-brick-common-2.5.10-3.9.2.noarch", }, product_reference: "python-os-brick-common-2.5.10-3.9.2.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "python-oslo.config-6.4.2-3.3.1.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:python-oslo.config-6.4.2-3.3.1.noarch", }, product_reference: "python-oslo.config-6.4.2-3.3.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "python-oslo.config-doc-6.4.2-3.3.1.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:python-oslo.config-doc-6.4.2-3.3.1.noarch", }, product_reference: "python-oslo.config-doc-6.4.2-3.3.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "python-oslo.rootwrap-5.14.2-3.3.1.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:python-oslo.rootwrap-5.14.2-3.3.1.noarch", }, product_reference: "python-oslo.rootwrap-5.14.2-3.3.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "python-oslo.utils-3.36.5-3.3.1.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:python-oslo.utils-3.36.5-3.3.1.noarch", }, product_reference: "python-oslo.utils-3.36.5-3.3.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "python-swiftclient-3.6.1-3.3.1.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:python-swiftclient-3.6.1-3.3.1.noarch", }, product_reference: "python-swiftclient-3.6.1-3.3.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "python-swiftclient-doc-3.6.1-3.3.1.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:python-swiftclient-doc-3.6.1-3.3.1.noarch", }, product_reference: "python-swiftclient-doc-3.6.1-3.3.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "python-watcherclient-2.1.1-3.3.1.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:python-watcherclient-2.1.1-3.3.1.noarch", }, product_reference: "python-watcherclient-2.1.1-3.3.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "release-notes-suse-openstack-cloud-9.20200319-3.18.1.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20200319-3.18.1.noarch", }, product_reference: "release-notes-suse-openstack-cloud-9.20200319-3.18.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "ruby2.1-rubygem-crowbar-client-3.9.2-3.6.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-crowbar-client-3.9.2-3.6.1.x86_64", }, product_reference: "ruby2.1-rubygem-crowbar-client-3.9.2-3.6.1.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", }, product_reference: "ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "zookeeper-server-3.4.13-3.3.1.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:zookeeper-server-3.4.13-3.3.1.noarch", }, product_reference: "zookeeper-server-3.4.13-3.3.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, ], }, vulnerabilities: [ { cve: "CVE-2019-0201", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-0201", }, ], notes: [ { category: "general", text: "An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper's getACL() command doesn't check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. DigestAuthenticationProvider overloads the Id field with the hash value that is used for user authentication. As a consequence, if Digest Authentication is in use, the unsalted hash value will be disclosed by getACL() request for unauthenticated or unprivileged users.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE OpenStack Cloud 9:ardana-ansible-9.0+git.1587034359.a12678b-3.19.1.noarch", "SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1583953599.cd723bb-3.10.1.noarch", "SUSE OpenStack Cloud 9:ardana-cluster-9.0+git.1585653734.c1fe3b2-3.13.1.noarch", "SUSE OpenStack Cloud 9:ardana-db-9.0+git.1586543314.6b6aa20-3.19.1.noarch", "SUSE OpenStack Cloud 9:ardana-designate-9.0+git.1583445435.4bd1793-3.10.1.noarch", "SUSE OpenStack Cloud 9:ardana-input-model-9.0+git.1584632190.9541c56-3.16.1.noarch", "SUSE OpenStack Cloud 9:ardana-logging-9.0+git.1585929695.f35b591-3.10.1.noarch", "SUSE OpenStack Cloud 9:ardana-monasca-9.0+git.1586769889.d43d736-3.16.1.noarch", "SUSE OpenStack Cloud 9:ardana-mq-9.0+git.1586350749.a463fd2-3.13.1.noarch", "SUSE OpenStack Cloud 9:ardana-neutron-9.0+git.1587667603.507fb50-3.19.1.noarch", "SUSE OpenStack Cloud 9:ardana-octavia-9.0+git.1587486004.8e99c6b-3.16.1.noarch", "SUSE OpenStack Cloud 9:ardana-osconfig-9.0+git.1586546715.dbd07ab-3.16.1.noarch", "SUSE OpenStack Cloud 9:ardana-tempest-9.0+git.1587398456.b31cc4a-3.13.1.noarch", "SUSE OpenStack Cloud 9:ardana-tls-9.0+git.1586301209.c9413b4-3.12.1.noarch", "SUSE OpenStack Cloud 9:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud 9:openstack-ceilometer-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-ceilometer-agent-central-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-ceilometer-agent-compute-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-ceilometer-agent-ipmi-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-ceilometer-agent-notification-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-ceilometer-polling-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:openstack-designate-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-agent-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-api-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-central-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-producer-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-sink-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-worker-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-heat-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-heat-api-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-heat-api-cfn-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-heat-engine-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-heat-plugin-heat_docker-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-ironic-image-x86_64-9.0.0-3.6.1.noarch", "SUSE OpenStack Cloud 9:openstack-manila-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:openstack-manila-api-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:openstack-manila-data-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:openstack-manila-scheduler-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:openstack-manila-share-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-api-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-cells-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-compute-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-conductor-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-console-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-novncproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-placement-api-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-scheduler-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-serialproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-vncproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-amphora-agent-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-amphora-image-x86_64-0.1.3-7.9.2.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-api-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-health-manager-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-housekeeping-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-worker-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:python-ceilometer-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:python-cinderclient-4.0.3-3.6.2.noarch", "SUSE OpenStack Cloud 9:python-cinderclient-doc-4.0.3-3.6.2.noarch", "SUSE OpenStack Cloud 9:python-designate-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:python-glanceclient-2.13.2-3.3.2.noarch", "SUSE OpenStack Cloud 9:python-glanceclient-doc-2.13.2-3.3.2.noarch", "SUSE OpenStack Cloud 9:python-heat-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud 9:python-ironic-lib-2.14.3-3.6.1.noarch", "SUSE OpenStack Cloud 9:python-ironicclient-2.5.4-4.10.1.noarch", "SUSE OpenStack Cloud 9:python-ironicclient-doc-2.5.4-4.10.1.noarch", "SUSE OpenStack Cloud 9:python-keystonemiddleware-5.2.2-17.1.noarch", "SUSE OpenStack Cloud 9:python-manila-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:python-manila-tempest-plugin-0.1.0-3.6.1.noarch", "SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:python-nova-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:python-novaclient-11.0.1-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-novaclient-doc-11.0.1-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-octavia-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:python-octaviaclient-1.6.2-3.6.1.noarch", "SUSE OpenStack Cloud 9:python-openstackclient-3.16.3-11.1.noarch", "SUSE OpenStack Cloud 9:python-os-brick-2.5.10-3.9.2.noarch", "SUSE OpenStack Cloud 9:python-os-brick-common-2.5.10-3.9.2.noarch", "SUSE OpenStack Cloud 9:python-oslo.config-6.4.2-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-oslo.config-doc-6.4.2-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-oslo.rootwrap-5.14.2-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-oslo.utils-3.36.5-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-swiftclient-3.6.1-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-swiftclient-doc-3.6.1-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-watcherclient-2.1.1-3.3.1.noarch", "SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20200319-3.18.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev9-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.1~dev25-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.15.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.3~dev35-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev1-4.16.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev3-4.13.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.1.1~dev36-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev4-3.19.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.15.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev28-6.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev17-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev2-4.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.12.1.noarch", "SUSE OpenStack Cloud 9:zookeeper-server-3.4.13-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:crowbar-core-6.0+git.1587558898.313bb9fd3-3.22.2.x86_64", "SUSE OpenStack Cloud Crowbar 9:crowbar-core-branding-upstream-6.0+git.1587558898.313bb9fd3-3.22.2.x86_64", "SUSE OpenStack Cloud Crowbar 9:crowbar-ha-6.0+git.1586256059.e6f67e1-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:crowbar-openstack-6.0+git.1587753188.da39e44a7-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-agent-central-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-agent-compute-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-agent-ipmi-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-agent-notification-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-polling-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-agent-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-api-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-central-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-producer-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-sink-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-worker-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-heat-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-heat-api-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-heat-api-cfn-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-heat-engine-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-heat-plugin-heat_docker-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-image-x86_64-9.0.0-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-manila-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-manila-api-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-manila-data-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-manila-scheduler-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-manila-share-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-api-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-cells-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-compute-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-conductor-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-console-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-novncproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-placement-api-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-scheduler-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-serialproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-vncproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-amphora-agent-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-amphora-image-x86_64-0.1.3-7.9.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-api-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-health-manager-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-housekeeping-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-worker-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-ceilometer-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-cinderclient-4.0.3-3.6.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-cinderclient-doc-4.0.3-3.6.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-designate-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-glanceclient-2.13.2-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-glanceclient-doc-2.13.2-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-heat-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-ironic-lib-2.14.3-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-ironicclient-2.5.4-4.10.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-ironicclient-doc-2.5.4-4.10.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-keystonemiddleware-5.2.2-17.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-manila-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-manila-tempest-plugin-0.1.0-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-nova-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-novaclient-11.0.1-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-novaclient-doc-11.0.1-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-octavia-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-octaviaclient-1.6.2-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-openstackclient-3.16.3-11.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-os-brick-2.5.10-3.9.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-os-brick-common-2.5.10-3.9.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-oslo.config-6.4.2-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-oslo.config-doc-6.4.2-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-oslo.rootwrap-5.14.2-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-oslo.utils-3.36.5-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-swiftclient-3.6.1-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-swiftclient-doc-3.6.1-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-watcherclient-2.1.1-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20200319-3.18.1.noarch", "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-crowbar-client-3.9.2-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:zookeeper-server-3.4.13-3.3.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2019-0201", url: "https://www.suse.com/security/cve/CVE-2019-0201", }, { category: "external", summary: "SUSE Bug 1135773 for CVE-2019-0201", url: "https://bugzilla.suse.com/1135773", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE OpenStack Cloud 9:ardana-ansible-9.0+git.1587034359.a12678b-3.19.1.noarch", "SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1583953599.cd723bb-3.10.1.noarch", "SUSE OpenStack Cloud 9:ardana-cluster-9.0+git.1585653734.c1fe3b2-3.13.1.noarch", "SUSE OpenStack Cloud 9:ardana-db-9.0+git.1586543314.6b6aa20-3.19.1.noarch", "SUSE OpenStack Cloud 9:ardana-designate-9.0+git.1583445435.4bd1793-3.10.1.noarch", "SUSE OpenStack Cloud 9:ardana-input-model-9.0+git.1584632190.9541c56-3.16.1.noarch", "SUSE OpenStack Cloud 9:ardana-logging-9.0+git.1585929695.f35b591-3.10.1.noarch", "SUSE OpenStack Cloud 9:ardana-monasca-9.0+git.1586769889.d43d736-3.16.1.noarch", "SUSE OpenStack Cloud 9:ardana-mq-9.0+git.1586350749.a463fd2-3.13.1.noarch", "SUSE OpenStack Cloud 9:ardana-neutron-9.0+git.1587667603.507fb50-3.19.1.noarch", "SUSE OpenStack Cloud 9:ardana-octavia-9.0+git.1587486004.8e99c6b-3.16.1.noarch", "SUSE OpenStack Cloud 9:ardana-osconfig-9.0+git.1586546715.dbd07ab-3.16.1.noarch", "SUSE OpenStack Cloud 9:ardana-tempest-9.0+git.1587398456.b31cc4a-3.13.1.noarch", "SUSE OpenStack Cloud 9:ardana-tls-9.0+git.1586301209.c9413b4-3.12.1.noarch", "SUSE OpenStack Cloud 9:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud 9:openstack-ceilometer-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-ceilometer-agent-central-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-ceilometer-agent-compute-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-ceilometer-agent-ipmi-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-ceilometer-agent-notification-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-ceilometer-polling-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:openstack-designate-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-agent-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-api-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-central-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-producer-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-sink-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-worker-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-heat-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-heat-api-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-heat-api-cfn-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-heat-engine-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-heat-plugin-heat_docker-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-ironic-image-x86_64-9.0.0-3.6.1.noarch", "SUSE OpenStack Cloud 9:openstack-manila-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:openstack-manila-api-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:openstack-manila-data-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:openstack-manila-scheduler-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:openstack-manila-share-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-api-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-cells-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-compute-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-conductor-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-console-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-novncproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-placement-api-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-scheduler-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-serialproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-vncproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-amphora-agent-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-amphora-image-x86_64-0.1.3-7.9.2.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-api-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-health-manager-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-housekeeping-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-worker-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:python-ceilometer-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:python-cinderclient-4.0.3-3.6.2.noarch", "SUSE OpenStack Cloud 9:python-cinderclient-doc-4.0.3-3.6.2.noarch", "SUSE OpenStack Cloud 9:python-designate-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:python-glanceclient-2.13.2-3.3.2.noarch", "SUSE OpenStack Cloud 9:python-glanceclient-doc-2.13.2-3.3.2.noarch", "SUSE OpenStack Cloud 9:python-heat-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud 9:python-ironic-lib-2.14.3-3.6.1.noarch", "SUSE OpenStack Cloud 9:python-ironicclient-2.5.4-4.10.1.noarch", "SUSE OpenStack Cloud 9:python-ironicclient-doc-2.5.4-4.10.1.noarch", "SUSE OpenStack Cloud 9:python-keystonemiddleware-5.2.2-17.1.noarch", "SUSE OpenStack Cloud 9:python-manila-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:python-manila-tempest-plugin-0.1.0-3.6.1.noarch", "SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:python-nova-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:python-novaclient-11.0.1-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-novaclient-doc-11.0.1-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-octavia-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:python-octaviaclient-1.6.2-3.6.1.noarch", "SUSE OpenStack Cloud 9:python-openstackclient-3.16.3-11.1.noarch", "SUSE OpenStack Cloud 9:python-os-brick-2.5.10-3.9.2.noarch", "SUSE OpenStack Cloud 9:python-os-brick-common-2.5.10-3.9.2.noarch", "SUSE OpenStack Cloud 9:python-oslo.config-6.4.2-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-oslo.config-doc-6.4.2-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-oslo.rootwrap-5.14.2-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-oslo.utils-3.36.5-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-swiftclient-3.6.1-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-swiftclient-doc-3.6.1-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-watcherclient-2.1.1-3.3.1.noarch", "SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20200319-3.18.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev9-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.1~dev25-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.15.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.3~dev35-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev1-4.16.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev3-4.13.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.1.1~dev36-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev4-3.19.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.15.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev28-6.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev17-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev2-4.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.12.1.noarch", "SUSE OpenStack Cloud 9:zookeeper-server-3.4.13-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:crowbar-core-6.0+git.1587558898.313bb9fd3-3.22.2.x86_64", "SUSE OpenStack Cloud Crowbar 9:crowbar-core-branding-upstream-6.0+git.1587558898.313bb9fd3-3.22.2.x86_64", "SUSE OpenStack Cloud Crowbar 9:crowbar-ha-6.0+git.1586256059.e6f67e1-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:crowbar-openstack-6.0+git.1587753188.da39e44a7-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-agent-central-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-agent-compute-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-agent-ipmi-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-agent-notification-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-polling-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-agent-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-api-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-central-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-producer-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-sink-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-worker-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-heat-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-heat-api-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-heat-api-cfn-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-heat-engine-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-heat-plugin-heat_docker-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-image-x86_64-9.0.0-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-manila-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-manila-api-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-manila-data-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-manila-scheduler-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-manila-share-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-api-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-cells-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-compute-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-conductor-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-console-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-novncproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-placement-api-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-scheduler-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-serialproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-vncproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-amphora-agent-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-amphora-image-x86_64-0.1.3-7.9.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-api-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-health-manager-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-housekeeping-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-worker-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-ceilometer-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-cinderclient-4.0.3-3.6.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-cinderclient-doc-4.0.3-3.6.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-designate-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-glanceclient-2.13.2-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-glanceclient-doc-2.13.2-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-heat-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-ironic-lib-2.14.3-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-ironicclient-2.5.4-4.10.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-ironicclient-doc-2.5.4-4.10.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-keystonemiddleware-5.2.2-17.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-manila-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-manila-tempest-plugin-0.1.0-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-nova-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-novaclient-11.0.1-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-novaclient-doc-11.0.1-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-octavia-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-octaviaclient-1.6.2-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-openstackclient-3.16.3-11.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-os-brick-2.5.10-3.9.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-os-brick-common-2.5.10-3.9.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-oslo.config-6.4.2-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-oslo.config-doc-6.4.2-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-oslo.rootwrap-5.14.2-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-oslo.utils-3.36.5-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-swiftclient-3.6.1-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-swiftclient-doc-3.6.1-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-watcherclient-2.1.1-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20200319-3.18.1.noarch", "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-crowbar-client-3.9.2-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:zookeeper-server-3.4.13-3.3.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "SUSE OpenStack Cloud 9:ardana-ansible-9.0+git.1587034359.a12678b-3.19.1.noarch", "SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1583953599.cd723bb-3.10.1.noarch", "SUSE OpenStack Cloud 9:ardana-cluster-9.0+git.1585653734.c1fe3b2-3.13.1.noarch", "SUSE OpenStack Cloud 9:ardana-db-9.0+git.1586543314.6b6aa20-3.19.1.noarch", "SUSE OpenStack Cloud 9:ardana-designate-9.0+git.1583445435.4bd1793-3.10.1.noarch", "SUSE OpenStack Cloud 9:ardana-input-model-9.0+git.1584632190.9541c56-3.16.1.noarch", "SUSE OpenStack Cloud 9:ardana-logging-9.0+git.1585929695.f35b591-3.10.1.noarch", "SUSE OpenStack Cloud 9:ardana-monasca-9.0+git.1586769889.d43d736-3.16.1.noarch", "SUSE OpenStack Cloud 9:ardana-mq-9.0+git.1586350749.a463fd2-3.13.1.noarch", "SUSE OpenStack Cloud 9:ardana-neutron-9.0+git.1587667603.507fb50-3.19.1.noarch", "SUSE OpenStack Cloud 9:ardana-octavia-9.0+git.1587486004.8e99c6b-3.16.1.noarch", "SUSE OpenStack Cloud 9:ardana-osconfig-9.0+git.1586546715.dbd07ab-3.16.1.noarch", "SUSE OpenStack Cloud 9:ardana-tempest-9.0+git.1587398456.b31cc4a-3.13.1.noarch", "SUSE OpenStack Cloud 9:ardana-tls-9.0+git.1586301209.c9413b4-3.12.1.noarch", "SUSE OpenStack Cloud 9:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud 9:openstack-ceilometer-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-ceilometer-agent-central-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-ceilometer-agent-compute-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-ceilometer-agent-ipmi-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-ceilometer-agent-notification-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-ceilometer-polling-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:openstack-designate-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-agent-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-api-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-central-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-producer-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-sink-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-worker-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-heat-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-heat-api-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-heat-api-cfn-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-heat-engine-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-heat-plugin-heat_docker-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-ironic-image-x86_64-9.0.0-3.6.1.noarch", "SUSE OpenStack Cloud 9:openstack-manila-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:openstack-manila-api-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:openstack-manila-data-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:openstack-manila-scheduler-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:openstack-manila-share-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-api-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-cells-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-compute-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-conductor-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-console-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-novncproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-placement-api-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-scheduler-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-serialproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-vncproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-amphora-agent-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-amphora-image-x86_64-0.1.3-7.9.2.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-api-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-health-manager-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-housekeeping-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-worker-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:python-ceilometer-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:python-cinderclient-4.0.3-3.6.2.noarch", "SUSE OpenStack Cloud 9:python-cinderclient-doc-4.0.3-3.6.2.noarch", "SUSE OpenStack Cloud 9:python-designate-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:python-glanceclient-2.13.2-3.3.2.noarch", "SUSE OpenStack Cloud 9:python-glanceclient-doc-2.13.2-3.3.2.noarch", "SUSE OpenStack Cloud 9:python-heat-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud 9:python-ironic-lib-2.14.3-3.6.1.noarch", "SUSE OpenStack Cloud 9:python-ironicclient-2.5.4-4.10.1.noarch", "SUSE OpenStack Cloud 9:python-ironicclient-doc-2.5.4-4.10.1.noarch", "SUSE OpenStack Cloud 9:python-keystonemiddleware-5.2.2-17.1.noarch", "SUSE OpenStack Cloud 9:python-manila-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:python-manila-tempest-plugin-0.1.0-3.6.1.noarch", "SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:python-nova-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:python-novaclient-11.0.1-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-novaclient-doc-11.0.1-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-octavia-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:python-octaviaclient-1.6.2-3.6.1.noarch", "SUSE OpenStack Cloud 9:python-openstackclient-3.16.3-11.1.noarch", "SUSE OpenStack Cloud 9:python-os-brick-2.5.10-3.9.2.noarch", "SUSE OpenStack Cloud 9:python-os-brick-common-2.5.10-3.9.2.noarch", "SUSE OpenStack Cloud 9:python-oslo.config-6.4.2-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-oslo.config-doc-6.4.2-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-oslo.rootwrap-5.14.2-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-oslo.utils-3.36.5-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-swiftclient-3.6.1-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-swiftclient-doc-3.6.1-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-watcherclient-2.1.1-3.3.1.noarch", "SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20200319-3.18.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev9-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.1~dev25-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.15.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.3~dev35-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev1-4.16.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev3-4.13.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.1.1~dev36-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev4-3.19.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.15.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev28-6.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev17-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev2-4.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.12.1.noarch", "SUSE OpenStack Cloud 9:zookeeper-server-3.4.13-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:crowbar-core-6.0+git.1587558898.313bb9fd3-3.22.2.x86_64", "SUSE OpenStack Cloud Crowbar 9:crowbar-core-branding-upstream-6.0+git.1587558898.313bb9fd3-3.22.2.x86_64", "SUSE OpenStack Cloud Crowbar 9:crowbar-ha-6.0+git.1586256059.e6f67e1-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:crowbar-openstack-6.0+git.1587753188.da39e44a7-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-agent-central-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-agent-compute-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-agent-ipmi-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-agent-notification-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-polling-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-agent-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-api-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-central-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-producer-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-sink-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-worker-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-heat-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-heat-api-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-heat-api-cfn-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-heat-engine-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-heat-plugin-heat_docker-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-image-x86_64-9.0.0-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-manila-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-manila-api-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-manila-data-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-manila-scheduler-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-manila-share-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-api-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-cells-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-compute-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-conductor-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-console-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-novncproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-placement-api-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-scheduler-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-serialproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-vncproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-amphora-agent-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-amphora-image-x86_64-0.1.3-7.9.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-api-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-health-manager-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-housekeeping-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-worker-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-ceilometer-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-cinderclient-4.0.3-3.6.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-cinderclient-doc-4.0.3-3.6.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-designate-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-glanceclient-2.13.2-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-glanceclient-doc-2.13.2-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-heat-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-ironic-lib-2.14.3-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-ironicclient-2.5.4-4.10.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-ironicclient-doc-2.5.4-4.10.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-keystonemiddleware-5.2.2-17.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-manila-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-manila-tempest-plugin-0.1.0-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-nova-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-novaclient-11.0.1-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-novaclient-doc-11.0.1-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-octavia-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-octaviaclient-1.6.2-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-openstackclient-3.16.3-11.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-os-brick-2.5.10-3.9.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-os-brick-common-2.5.10-3.9.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-oslo.config-6.4.2-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-oslo.config-doc-6.4.2-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-oslo.rootwrap-5.14.2-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-oslo.utils-3.36.5-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-swiftclient-3.6.1-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-swiftclient-doc-3.6.1-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-watcherclient-2.1.1-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20200319-3.18.1.noarch", "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-crowbar-client-3.9.2-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:zookeeper-server-3.4.13-3.3.1.noarch", ], }, ], threats: [ { category: "impact", date: "2020-05-05T11:44:39Z", details: "important", }, ], title: "CVE-2019-0201", }, { cve: "CVE-2019-11596", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-11596", }, ], notes: [ { category: "general", text: "In memcached before 1.5.14, a NULL pointer dereference was found in the \"lru mode\" and \"lru temp_ttl\" commands. This causes a denial of service when parsing crafted lru command messages in process_lru_command in memcached.c.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE OpenStack Cloud 9:ardana-ansible-9.0+git.1587034359.a12678b-3.19.1.noarch", "SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1583953599.cd723bb-3.10.1.noarch", "SUSE OpenStack Cloud 9:ardana-cluster-9.0+git.1585653734.c1fe3b2-3.13.1.noarch", "SUSE OpenStack Cloud 9:ardana-db-9.0+git.1586543314.6b6aa20-3.19.1.noarch", "SUSE OpenStack Cloud 9:ardana-designate-9.0+git.1583445435.4bd1793-3.10.1.noarch", "SUSE OpenStack Cloud 9:ardana-input-model-9.0+git.1584632190.9541c56-3.16.1.noarch", "SUSE OpenStack Cloud 9:ardana-logging-9.0+git.1585929695.f35b591-3.10.1.noarch", "SUSE OpenStack Cloud 9:ardana-monasca-9.0+git.1586769889.d43d736-3.16.1.noarch", "SUSE OpenStack Cloud 9:ardana-mq-9.0+git.1586350749.a463fd2-3.13.1.noarch", "SUSE OpenStack Cloud 9:ardana-neutron-9.0+git.1587667603.507fb50-3.19.1.noarch", "SUSE OpenStack Cloud 9:ardana-octavia-9.0+git.1587486004.8e99c6b-3.16.1.noarch", "SUSE OpenStack Cloud 9:ardana-osconfig-9.0+git.1586546715.dbd07ab-3.16.1.noarch", "SUSE OpenStack Cloud 9:ardana-tempest-9.0+git.1587398456.b31cc4a-3.13.1.noarch", "SUSE OpenStack Cloud 9:ardana-tls-9.0+git.1586301209.c9413b4-3.12.1.noarch", "SUSE OpenStack Cloud 9:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud 9:openstack-ceilometer-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-ceilometer-agent-central-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-ceilometer-agent-compute-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-ceilometer-agent-ipmi-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-ceilometer-agent-notification-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-ceilometer-polling-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:openstack-designate-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-agent-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-api-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-central-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-producer-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-sink-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-worker-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-heat-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-heat-api-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-heat-api-cfn-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-heat-engine-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-heat-plugin-heat_docker-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-ironic-image-x86_64-9.0.0-3.6.1.noarch", "SUSE OpenStack Cloud 9:openstack-manila-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:openstack-manila-api-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:openstack-manila-data-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:openstack-manila-scheduler-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:openstack-manila-share-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-api-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-cells-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-compute-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-conductor-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-console-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-novncproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-placement-api-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-scheduler-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-serialproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-vncproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-amphora-agent-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-amphora-image-x86_64-0.1.3-7.9.2.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-api-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-health-manager-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-housekeeping-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-worker-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:python-ceilometer-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:python-cinderclient-4.0.3-3.6.2.noarch", "SUSE OpenStack Cloud 9:python-cinderclient-doc-4.0.3-3.6.2.noarch", "SUSE OpenStack Cloud 9:python-designate-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:python-glanceclient-2.13.2-3.3.2.noarch", "SUSE OpenStack Cloud 9:python-glanceclient-doc-2.13.2-3.3.2.noarch", "SUSE OpenStack Cloud 9:python-heat-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud 9:python-ironic-lib-2.14.3-3.6.1.noarch", "SUSE OpenStack Cloud 9:python-ironicclient-2.5.4-4.10.1.noarch", "SUSE OpenStack Cloud 9:python-ironicclient-doc-2.5.4-4.10.1.noarch", "SUSE OpenStack Cloud 9:python-keystonemiddleware-5.2.2-17.1.noarch", "SUSE OpenStack Cloud 9:python-manila-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:python-manila-tempest-plugin-0.1.0-3.6.1.noarch", "SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:python-nova-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:python-novaclient-11.0.1-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-novaclient-doc-11.0.1-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-octavia-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:python-octaviaclient-1.6.2-3.6.1.noarch", "SUSE OpenStack Cloud 9:python-openstackclient-3.16.3-11.1.noarch", "SUSE OpenStack Cloud 9:python-os-brick-2.5.10-3.9.2.noarch", "SUSE OpenStack Cloud 9:python-os-brick-common-2.5.10-3.9.2.noarch", "SUSE OpenStack Cloud 9:python-oslo.config-6.4.2-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-oslo.config-doc-6.4.2-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-oslo.rootwrap-5.14.2-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-oslo.utils-3.36.5-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-swiftclient-3.6.1-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-swiftclient-doc-3.6.1-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-watcherclient-2.1.1-3.3.1.noarch", "SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20200319-3.18.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev9-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.1~dev25-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.15.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.3~dev35-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev1-4.16.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev3-4.13.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.1.1~dev36-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev4-3.19.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.15.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev28-6.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev17-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev2-4.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.12.1.noarch", "SUSE OpenStack Cloud 9:zookeeper-server-3.4.13-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:crowbar-core-6.0+git.1587558898.313bb9fd3-3.22.2.x86_64", "SUSE OpenStack Cloud Crowbar 9:crowbar-core-branding-upstream-6.0+git.1587558898.313bb9fd3-3.22.2.x86_64", "SUSE OpenStack Cloud Crowbar 9:crowbar-ha-6.0+git.1586256059.e6f67e1-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:crowbar-openstack-6.0+git.1587753188.da39e44a7-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-agent-central-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-agent-compute-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-agent-ipmi-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-agent-notification-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-polling-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-agent-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-api-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-central-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-producer-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-sink-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-worker-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-heat-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-heat-api-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-heat-api-cfn-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-heat-engine-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-heat-plugin-heat_docker-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-image-x86_64-9.0.0-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-manila-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-manila-api-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-manila-data-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-manila-scheduler-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-manila-share-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-api-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-cells-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-compute-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-conductor-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-console-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-novncproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-placement-api-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-scheduler-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-serialproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-vncproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-amphora-agent-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-amphora-image-x86_64-0.1.3-7.9.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-api-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-health-manager-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-housekeeping-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-worker-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-ceilometer-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-cinderclient-4.0.3-3.6.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-cinderclient-doc-4.0.3-3.6.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-designate-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-glanceclient-2.13.2-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-glanceclient-doc-2.13.2-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-heat-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-ironic-lib-2.14.3-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-ironicclient-2.5.4-4.10.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-ironicclient-doc-2.5.4-4.10.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-keystonemiddleware-5.2.2-17.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-manila-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-manila-tempest-plugin-0.1.0-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-nova-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-novaclient-11.0.1-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-novaclient-doc-11.0.1-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-octavia-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-octaviaclient-1.6.2-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-openstackclient-3.16.3-11.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-os-brick-2.5.10-3.9.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-os-brick-common-2.5.10-3.9.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-oslo.config-6.4.2-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-oslo.config-doc-6.4.2-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-oslo.rootwrap-5.14.2-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-oslo.utils-3.36.5-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-swiftclient-3.6.1-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-swiftclient-doc-3.6.1-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-watcherclient-2.1.1-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20200319-3.18.1.noarch", "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-crowbar-client-3.9.2-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:zookeeper-server-3.4.13-3.3.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2019-11596", url: "https://www.suse.com/security/cve/CVE-2019-11596", }, { category: "external", summary: "SUSE Bug 1133817 for CVE-2019-11596", url: "https://bugzilla.suse.com/1133817", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE OpenStack Cloud 9:ardana-ansible-9.0+git.1587034359.a12678b-3.19.1.noarch", "SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1583953599.cd723bb-3.10.1.noarch", "SUSE OpenStack Cloud 9:ardana-cluster-9.0+git.1585653734.c1fe3b2-3.13.1.noarch", "SUSE OpenStack Cloud 9:ardana-db-9.0+git.1586543314.6b6aa20-3.19.1.noarch", "SUSE OpenStack Cloud 9:ardana-designate-9.0+git.1583445435.4bd1793-3.10.1.noarch", "SUSE OpenStack Cloud 9:ardana-input-model-9.0+git.1584632190.9541c56-3.16.1.noarch", "SUSE OpenStack Cloud 9:ardana-logging-9.0+git.1585929695.f35b591-3.10.1.noarch", "SUSE OpenStack Cloud 9:ardana-monasca-9.0+git.1586769889.d43d736-3.16.1.noarch", "SUSE OpenStack Cloud 9:ardana-mq-9.0+git.1586350749.a463fd2-3.13.1.noarch", "SUSE OpenStack Cloud 9:ardana-neutron-9.0+git.1587667603.507fb50-3.19.1.noarch", "SUSE OpenStack Cloud 9:ardana-octavia-9.0+git.1587486004.8e99c6b-3.16.1.noarch", "SUSE OpenStack Cloud 9:ardana-osconfig-9.0+git.1586546715.dbd07ab-3.16.1.noarch", "SUSE OpenStack Cloud 9:ardana-tempest-9.0+git.1587398456.b31cc4a-3.13.1.noarch", "SUSE OpenStack Cloud 9:ardana-tls-9.0+git.1586301209.c9413b4-3.12.1.noarch", "SUSE OpenStack Cloud 9:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud 9:openstack-ceilometer-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-ceilometer-agent-central-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-ceilometer-agent-compute-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-ceilometer-agent-ipmi-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-ceilometer-agent-notification-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-ceilometer-polling-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:openstack-designate-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-agent-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-api-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-central-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-producer-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-sink-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-worker-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-heat-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-heat-api-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-heat-api-cfn-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-heat-engine-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-heat-plugin-heat_docker-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-ironic-image-x86_64-9.0.0-3.6.1.noarch", "SUSE OpenStack Cloud 9:openstack-manila-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:openstack-manila-api-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:openstack-manila-data-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:openstack-manila-scheduler-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:openstack-manila-share-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-api-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-cells-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-compute-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-conductor-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-console-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-novncproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-placement-api-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-scheduler-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-serialproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-vncproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-amphora-agent-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-amphora-image-x86_64-0.1.3-7.9.2.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-api-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-health-manager-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-housekeeping-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-worker-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:python-ceilometer-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:python-cinderclient-4.0.3-3.6.2.noarch", "SUSE OpenStack Cloud 9:python-cinderclient-doc-4.0.3-3.6.2.noarch", "SUSE OpenStack Cloud 9:python-designate-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:python-glanceclient-2.13.2-3.3.2.noarch", "SUSE OpenStack Cloud 9:python-glanceclient-doc-2.13.2-3.3.2.noarch", "SUSE OpenStack Cloud 9:python-heat-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud 9:python-ironic-lib-2.14.3-3.6.1.noarch", "SUSE OpenStack Cloud 9:python-ironicclient-2.5.4-4.10.1.noarch", "SUSE OpenStack Cloud 9:python-ironicclient-doc-2.5.4-4.10.1.noarch", "SUSE OpenStack Cloud 9:python-keystonemiddleware-5.2.2-17.1.noarch", "SUSE OpenStack Cloud 9:python-manila-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:python-manila-tempest-plugin-0.1.0-3.6.1.noarch", "SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:python-nova-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:python-novaclient-11.0.1-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-novaclient-doc-11.0.1-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-octavia-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:python-octaviaclient-1.6.2-3.6.1.noarch", "SUSE OpenStack Cloud 9:python-openstackclient-3.16.3-11.1.noarch", "SUSE OpenStack Cloud 9:python-os-brick-2.5.10-3.9.2.noarch", "SUSE OpenStack Cloud 9:python-os-brick-common-2.5.10-3.9.2.noarch", "SUSE OpenStack Cloud 9:python-oslo.config-6.4.2-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-oslo.config-doc-6.4.2-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-oslo.rootwrap-5.14.2-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-oslo.utils-3.36.5-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-swiftclient-3.6.1-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-swiftclient-doc-3.6.1-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-watcherclient-2.1.1-3.3.1.noarch", "SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20200319-3.18.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev9-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.1~dev25-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.15.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.3~dev35-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev1-4.16.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev3-4.13.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.1.1~dev36-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev4-3.19.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.15.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev28-6.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev17-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev2-4.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.12.1.noarch", "SUSE OpenStack Cloud 9:zookeeper-server-3.4.13-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:crowbar-core-6.0+git.1587558898.313bb9fd3-3.22.2.x86_64", "SUSE OpenStack Cloud Crowbar 9:crowbar-core-branding-upstream-6.0+git.1587558898.313bb9fd3-3.22.2.x86_64", "SUSE OpenStack Cloud Crowbar 9:crowbar-ha-6.0+git.1586256059.e6f67e1-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:crowbar-openstack-6.0+git.1587753188.da39e44a7-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-agent-central-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-agent-compute-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-agent-ipmi-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-agent-notification-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-polling-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-agent-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-api-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-central-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-producer-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-sink-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-worker-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-heat-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-heat-api-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-heat-api-cfn-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-heat-engine-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-heat-plugin-heat_docker-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-image-x86_64-9.0.0-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-manila-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-manila-api-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-manila-data-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-manila-scheduler-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-manila-share-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-api-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-cells-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-compute-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-conductor-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-console-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-novncproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-placement-api-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-scheduler-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-serialproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-vncproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-amphora-agent-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-amphora-image-x86_64-0.1.3-7.9.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-api-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-health-manager-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-housekeeping-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-worker-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-ceilometer-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-cinderclient-4.0.3-3.6.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-cinderclient-doc-4.0.3-3.6.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-designate-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-glanceclient-2.13.2-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-glanceclient-doc-2.13.2-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-heat-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-ironic-lib-2.14.3-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-ironicclient-2.5.4-4.10.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-ironicclient-doc-2.5.4-4.10.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-keystonemiddleware-5.2.2-17.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-manila-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-manila-tempest-plugin-0.1.0-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-nova-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-novaclient-11.0.1-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-novaclient-doc-11.0.1-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-octavia-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-octaviaclient-1.6.2-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-openstackclient-3.16.3-11.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-os-brick-2.5.10-3.9.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-os-brick-common-2.5.10-3.9.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-oslo.config-6.4.2-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-oslo.config-doc-6.4.2-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-oslo.rootwrap-5.14.2-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-oslo.utils-3.36.5-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-swiftclient-3.6.1-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-swiftclient-doc-3.6.1-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-watcherclient-2.1.1-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20200319-3.18.1.noarch", "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-crowbar-client-3.9.2-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:zookeeper-server-3.4.13-3.3.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "SUSE OpenStack Cloud 9:ardana-ansible-9.0+git.1587034359.a12678b-3.19.1.noarch", "SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1583953599.cd723bb-3.10.1.noarch", "SUSE OpenStack Cloud 9:ardana-cluster-9.0+git.1585653734.c1fe3b2-3.13.1.noarch", "SUSE OpenStack Cloud 9:ardana-db-9.0+git.1586543314.6b6aa20-3.19.1.noarch", "SUSE OpenStack Cloud 9:ardana-designate-9.0+git.1583445435.4bd1793-3.10.1.noarch", "SUSE OpenStack Cloud 9:ardana-input-model-9.0+git.1584632190.9541c56-3.16.1.noarch", "SUSE OpenStack Cloud 9:ardana-logging-9.0+git.1585929695.f35b591-3.10.1.noarch", "SUSE OpenStack Cloud 9:ardana-monasca-9.0+git.1586769889.d43d736-3.16.1.noarch", "SUSE OpenStack Cloud 9:ardana-mq-9.0+git.1586350749.a463fd2-3.13.1.noarch", "SUSE OpenStack Cloud 9:ardana-neutron-9.0+git.1587667603.507fb50-3.19.1.noarch", "SUSE OpenStack Cloud 9:ardana-octavia-9.0+git.1587486004.8e99c6b-3.16.1.noarch", "SUSE OpenStack Cloud 9:ardana-osconfig-9.0+git.1586546715.dbd07ab-3.16.1.noarch", "SUSE OpenStack Cloud 9:ardana-tempest-9.0+git.1587398456.b31cc4a-3.13.1.noarch", "SUSE OpenStack Cloud 9:ardana-tls-9.0+git.1586301209.c9413b4-3.12.1.noarch", "SUSE OpenStack Cloud 9:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud 9:openstack-ceilometer-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-ceilometer-agent-central-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-ceilometer-agent-compute-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-ceilometer-agent-ipmi-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-ceilometer-agent-notification-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-ceilometer-polling-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:openstack-designate-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-agent-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-api-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-central-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-producer-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-sink-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-worker-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-heat-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-heat-api-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-heat-api-cfn-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-heat-engine-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-heat-plugin-heat_docker-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-ironic-image-x86_64-9.0.0-3.6.1.noarch", "SUSE OpenStack Cloud 9:openstack-manila-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:openstack-manila-api-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:openstack-manila-data-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:openstack-manila-scheduler-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:openstack-manila-share-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-api-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-cells-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-compute-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-conductor-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-console-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-novncproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-placement-api-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-scheduler-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-serialproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-vncproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-amphora-agent-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-amphora-image-x86_64-0.1.3-7.9.2.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-api-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-health-manager-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-housekeeping-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-worker-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:python-ceilometer-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:python-cinderclient-4.0.3-3.6.2.noarch", "SUSE OpenStack Cloud 9:python-cinderclient-doc-4.0.3-3.6.2.noarch", "SUSE OpenStack Cloud 9:python-designate-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:python-glanceclient-2.13.2-3.3.2.noarch", "SUSE OpenStack Cloud 9:python-glanceclient-doc-2.13.2-3.3.2.noarch", "SUSE OpenStack Cloud 9:python-heat-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud 9:python-ironic-lib-2.14.3-3.6.1.noarch", "SUSE OpenStack Cloud 9:python-ironicclient-2.5.4-4.10.1.noarch", "SUSE OpenStack Cloud 9:python-ironicclient-doc-2.5.4-4.10.1.noarch", "SUSE OpenStack Cloud 9:python-keystonemiddleware-5.2.2-17.1.noarch", "SUSE OpenStack Cloud 9:python-manila-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:python-manila-tempest-plugin-0.1.0-3.6.1.noarch", "SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:python-nova-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:python-novaclient-11.0.1-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-novaclient-doc-11.0.1-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-octavia-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:python-octaviaclient-1.6.2-3.6.1.noarch", "SUSE OpenStack Cloud 9:python-openstackclient-3.16.3-11.1.noarch", "SUSE OpenStack Cloud 9:python-os-brick-2.5.10-3.9.2.noarch", "SUSE OpenStack Cloud 9:python-os-brick-common-2.5.10-3.9.2.noarch", "SUSE OpenStack Cloud 9:python-oslo.config-6.4.2-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-oslo.config-doc-6.4.2-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-oslo.rootwrap-5.14.2-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-oslo.utils-3.36.5-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-swiftclient-3.6.1-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-swiftclient-doc-3.6.1-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-watcherclient-2.1.1-3.3.1.noarch", "SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20200319-3.18.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev9-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.1~dev25-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.15.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.3~dev35-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev1-4.16.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev3-4.13.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.1.1~dev36-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev4-3.19.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.15.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev28-6.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev17-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev2-4.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.12.1.noarch", "SUSE OpenStack Cloud 9:zookeeper-server-3.4.13-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:crowbar-core-6.0+git.1587558898.313bb9fd3-3.22.2.x86_64", "SUSE OpenStack Cloud Crowbar 9:crowbar-core-branding-upstream-6.0+git.1587558898.313bb9fd3-3.22.2.x86_64", "SUSE OpenStack Cloud Crowbar 9:crowbar-ha-6.0+git.1586256059.e6f67e1-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:crowbar-openstack-6.0+git.1587753188.da39e44a7-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-agent-central-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-agent-compute-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-agent-ipmi-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-agent-notification-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-polling-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-agent-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-api-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-central-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-producer-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-sink-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-worker-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-heat-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-heat-api-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-heat-api-cfn-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-heat-engine-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-heat-plugin-heat_docker-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-image-x86_64-9.0.0-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-manila-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-manila-api-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-manila-data-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-manila-scheduler-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-manila-share-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-api-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-cells-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-compute-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-conductor-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-console-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-novncproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-placement-api-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-scheduler-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-serialproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-vncproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-amphora-agent-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-amphora-image-x86_64-0.1.3-7.9.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-api-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-health-manager-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-housekeeping-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-worker-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-ceilometer-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-cinderclient-4.0.3-3.6.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-cinderclient-doc-4.0.3-3.6.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-designate-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-glanceclient-2.13.2-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-glanceclient-doc-2.13.2-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-heat-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-ironic-lib-2.14.3-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-ironicclient-2.5.4-4.10.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-ironicclient-doc-2.5.4-4.10.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-keystonemiddleware-5.2.2-17.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-manila-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-manila-tempest-plugin-0.1.0-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-nova-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-novaclient-11.0.1-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-novaclient-doc-11.0.1-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-octavia-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-octaviaclient-1.6.2-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-openstackclient-3.16.3-11.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-os-brick-2.5.10-3.9.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-os-brick-common-2.5.10-3.9.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-oslo.config-6.4.2-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-oslo.config-doc-6.4.2-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-oslo.rootwrap-5.14.2-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-oslo.utils-3.36.5-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-swiftclient-3.6.1-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-swiftclient-doc-3.6.1-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-watcherclient-2.1.1-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20200319-3.18.1.noarch", "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-crowbar-client-3.9.2-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:zookeeper-server-3.4.13-3.3.1.noarch", ], }, ], threats: [ { category: "impact", date: "2020-05-05T11:44:39Z", details: "important", }, ], title: "CVE-2019-11596", }, { cve: "CVE-2019-15026", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-15026", }, ], notes: [ { category: "general", text: "memcached 1.5.16, when UNIX sockets are used, has a stack-based buffer over-read in conn_to_str in memcached.c.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE OpenStack Cloud 9:ardana-ansible-9.0+git.1587034359.a12678b-3.19.1.noarch", "SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1583953599.cd723bb-3.10.1.noarch", "SUSE OpenStack Cloud 9:ardana-cluster-9.0+git.1585653734.c1fe3b2-3.13.1.noarch", "SUSE OpenStack Cloud 9:ardana-db-9.0+git.1586543314.6b6aa20-3.19.1.noarch", "SUSE OpenStack Cloud 9:ardana-designate-9.0+git.1583445435.4bd1793-3.10.1.noarch", "SUSE OpenStack Cloud 9:ardana-input-model-9.0+git.1584632190.9541c56-3.16.1.noarch", "SUSE OpenStack Cloud 9:ardana-logging-9.0+git.1585929695.f35b591-3.10.1.noarch", "SUSE OpenStack Cloud 9:ardana-monasca-9.0+git.1586769889.d43d736-3.16.1.noarch", "SUSE OpenStack Cloud 9:ardana-mq-9.0+git.1586350749.a463fd2-3.13.1.noarch", "SUSE OpenStack Cloud 9:ardana-neutron-9.0+git.1587667603.507fb50-3.19.1.noarch", "SUSE OpenStack Cloud 9:ardana-octavia-9.0+git.1587486004.8e99c6b-3.16.1.noarch", "SUSE OpenStack Cloud 9:ardana-osconfig-9.0+git.1586546715.dbd07ab-3.16.1.noarch", "SUSE OpenStack Cloud 9:ardana-tempest-9.0+git.1587398456.b31cc4a-3.13.1.noarch", "SUSE OpenStack Cloud 9:ardana-tls-9.0+git.1586301209.c9413b4-3.12.1.noarch", "SUSE OpenStack Cloud 9:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud 9:openstack-ceilometer-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-ceilometer-agent-central-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-ceilometer-agent-compute-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-ceilometer-agent-ipmi-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-ceilometer-agent-notification-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-ceilometer-polling-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:openstack-designate-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-agent-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-api-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-central-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-producer-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-sink-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-worker-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-heat-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-heat-api-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-heat-api-cfn-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-heat-engine-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-heat-plugin-heat_docker-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-ironic-image-x86_64-9.0.0-3.6.1.noarch", "SUSE OpenStack Cloud 9:openstack-manila-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:openstack-manila-api-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:openstack-manila-data-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:openstack-manila-scheduler-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:openstack-manila-share-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-api-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-cells-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-compute-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-conductor-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-console-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-novncproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-placement-api-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-scheduler-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-serialproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-vncproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-amphora-agent-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-amphora-image-x86_64-0.1.3-7.9.2.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-api-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-health-manager-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-housekeeping-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-worker-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:python-ceilometer-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:python-cinderclient-4.0.3-3.6.2.noarch", "SUSE OpenStack Cloud 9:python-cinderclient-doc-4.0.3-3.6.2.noarch", "SUSE OpenStack Cloud 9:python-designate-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:python-glanceclient-2.13.2-3.3.2.noarch", "SUSE OpenStack Cloud 9:python-glanceclient-doc-2.13.2-3.3.2.noarch", "SUSE OpenStack Cloud 9:python-heat-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud 9:python-ironic-lib-2.14.3-3.6.1.noarch", "SUSE OpenStack Cloud 9:python-ironicclient-2.5.4-4.10.1.noarch", "SUSE OpenStack Cloud 9:python-ironicclient-doc-2.5.4-4.10.1.noarch", "SUSE OpenStack Cloud 9:python-keystonemiddleware-5.2.2-17.1.noarch", "SUSE OpenStack Cloud 9:python-manila-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:python-manila-tempest-plugin-0.1.0-3.6.1.noarch", "SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:python-nova-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:python-novaclient-11.0.1-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-novaclient-doc-11.0.1-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-octavia-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:python-octaviaclient-1.6.2-3.6.1.noarch", "SUSE OpenStack Cloud 9:python-openstackclient-3.16.3-11.1.noarch", "SUSE OpenStack Cloud 9:python-os-brick-2.5.10-3.9.2.noarch", "SUSE OpenStack Cloud 9:python-os-brick-common-2.5.10-3.9.2.noarch", "SUSE OpenStack Cloud 9:python-oslo.config-6.4.2-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-oslo.config-doc-6.4.2-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-oslo.rootwrap-5.14.2-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-oslo.utils-3.36.5-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-swiftclient-3.6.1-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-swiftclient-doc-3.6.1-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-watcherclient-2.1.1-3.3.1.noarch", "SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20200319-3.18.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev9-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.1~dev25-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.15.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.3~dev35-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev1-4.16.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev3-4.13.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.1.1~dev36-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev4-3.19.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.15.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev28-6.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev17-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev2-4.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.12.1.noarch", "SUSE OpenStack Cloud 9:zookeeper-server-3.4.13-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:crowbar-core-6.0+git.1587558898.313bb9fd3-3.22.2.x86_64", "SUSE OpenStack Cloud Crowbar 9:crowbar-core-branding-upstream-6.0+git.1587558898.313bb9fd3-3.22.2.x86_64", "SUSE OpenStack Cloud Crowbar 9:crowbar-ha-6.0+git.1586256059.e6f67e1-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:crowbar-openstack-6.0+git.1587753188.da39e44a7-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-agent-central-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-agent-compute-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-agent-ipmi-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-agent-notification-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-polling-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-agent-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-api-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-central-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-producer-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-sink-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-worker-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-heat-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-heat-api-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-heat-api-cfn-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-heat-engine-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-heat-plugin-heat_docker-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-image-x86_64-9.0.0-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-manila-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-manila-api-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-manila-data-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-manila-scheduler-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-manila-share-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-api-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-cells-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-compute-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-conductor-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-console-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-novncproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-placement-api-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-scheduler-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-serialproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-vncproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-amphora-agent-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-amphora-image-x86_64-0.1.3-7.9.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-api-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-health-manager-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-housekeeping-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-worker-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-ceilometer-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-cinderclient-4.0.3-3.6.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-cinderclient-doc-4.0.3-3.6.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-designate-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-glanceclient-2.13.2-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-glanceclient-doc-2.13.2-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-heat-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-ironic-lib-2.14.3-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-ironicclient-2.5.4-4.10.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-ironicclient-doc-2.5.4-4.10.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-keystonemiddleware-5.2.2-17.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-manila-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-manila-tempest-plugin-0.1.0-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-nova-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-novaclient-11.0.1-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-novaclient-doc-11.0.1-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-octavia-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-octaviaclient-1.6.2-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-openstackclient-3.16.3-11.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-os-brick-2.5.10-3.9.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-os-brick-common-2.5.10-3.9.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-oslo.config-6.4.2-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-oslo.config-doc-6.4.2-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-oslo.rootwrap-5.14.2-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-oslo.utils-3.36.5-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-swiftclient-3.6.1-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-swiftclient-doc-3.6.1-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-watcherclient-2.1.1-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20200319-3.18.1.noarch", "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-crowbar-client-3.9.2-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:zookeeper-server-3.4.13-3.3.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2019-15026", url: "https://www.suse.com/security/cve/CVE-2019-15026", }, { category: "external", summary: "SUSE Bug 1149110 for CVE-2019-15026", url: "https://bugzilla.suse.com/1149110", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE OpenStack Cloud 9:ardana-ansible-9.0+git.1587034359.a12678b-3.19.1.noarch", "SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1583953599.cd723bb-3.10.1.noarch", "SUSE OpenStack Cloud 9:ardana-cluster-9.0+git.1585653734.c1fe3b2-3.13.1.noarch", "SUSE OpenStack Cloud 9:ardana-db-9.0+git.1586543314.6b6aa20-3.19.1.noarch", "SUSE OpenStack Cloud 9:ardana-designate-9.0+git.1583445435.4bd1793-3.10.1.noarch", "SUSE OpenStack Cloud 9:ardana-input-model-9.0+git.1584632190.9541c56-3.16.1.noarch", "SUSE OpenStack Cloud 9:ardana-logging-9.0+git.1585929695.f35b591-3.10.1.noarch", "SUSE OpenStack Cloud 9:ardana-monasca-9.0+git.1586769889.d43d736-3.16.1.noarch", "SUSE OpenStack Cloud 9:ardana-mq-9.0+git.1586350749.a463fd2-3.13.1.noarch", "SUSE OpenStack Cloud 9:ardana-neutron-9.0+git.1587667603.507fb50-3.19.1.noarch", "SUSE OpenStack Cloud 9:ardana-octavia-9.0+git.1587486004.8e99c6b-3.16.1.noarch", "SUSE OpenStack Cloud 9:ardana-osconfig-9.0+git.1586546715.dbd07ab-3.16.1.noarch", "SUSE OpenStack Cloud 9:ardana-tempest-9.0+git.1587398456.b31cc4a-3.13.1.noarch", "SUSE OpenStack Cloud 9:ardana-tls-9.0+git.1586301209.c9413b4-3.12.1.noarch", "SUSE OpenStack Cloud 9:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud 9:openstack-ceilometer-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-ceilometer-agent-central-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-ceilometer-agent-compute-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-ceilometer-agent-ipmi-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-ceilometer-agent-notification-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-ceilometer-polling-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:openstack-designate-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-agent-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-api-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-central-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-producer-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-sink-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-worker-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-heat-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-heat-api-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-heat-api-cfn-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-heat-engine-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-heat-plugin-heat_docker-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-ironic-image-x86_64-9.0.0-3.6.1.noarch", "SUSE OpenStack Cloud 9:openstack-manila-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:openstack-manila-api-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:openstack-manila-data-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:openstack-manila-scheduler-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:openstack-manila-share-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-api-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-cells-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-compute-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-conductor-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-console-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-novncproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-placement-api-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-scheduler-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-serialproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-vncproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-amphora-agent-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-amphora-image-x86_64-0.1.3-7.9.2.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-api-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-health-manager-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-housekeeping-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-worker-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:python-ceilometer-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:python-cinderclient-4.0.3-3.6.2.noarch", "SUSE OpenStack Cloud 9:python-cinderclient-doc-4.0.3-3.6.2.noarch", "SUSE OpenStack Cloud 9:python-designate-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:python-glanceclient-2.13.2-3.3.2.noarch", "SUSE OpenStack Cloud 9:python-glanceclient-doc-2.13.2-3.3.2.noarch", "SUSE OpenStack Cloud 9:python-heat-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud 9:python-ironic-lib-2.14.3-3.6.1.noarch", "SUSE OpenStack Cloud 9:python-ironicclient-2.5.4-4.10.1.noarch", "SUSE OpenStack Cloud 9:python-ironicclient-doc-2.5.4-4.10.1.noarch", "SUSE OpenStack Cloud 9:python-keystonemiddleware-5.2.2-17.1.noarch", "SUSE OpenStack Cloud 9:python-manila-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:python-manila-tempest-plugin-0.1.0-3.6.1.noarch", "SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:python-nova-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:python-novaclient-11.0.1-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-novaclient-doc-11.0.1-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-octavia-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:python-octaviaclient-1.6.2-3.6.1.noarch", "SUSE OpenStack Cloud 9:python-openstackclient-3.16.3-11.1.noarch", "SUSE OpenStack Cloud 9:python-os-brick-2.5.10-3.9.2.noarch", "SUSE OpenStack Cloud 9:python-os-brick-common-2.5.10-3.9.2.noarch", "SUSE OpenStack Cloud 9:python-oslo.config-6.4.2-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-oslo.config-doc-6.4.2-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-oslo.rootwrap-5.14.2-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-oslo.utils-3.36.5-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-swiftclient-3.6.1-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-swiftclient-doc-3.6.1-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-watcherclient-2.1.1-3.3.1.noarch", "SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20200319-3.18.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev9-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.1~dev25-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.15.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.3~dev35-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev1-4.16.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev3-4.13.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.1.1~dev36-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev4-3.19.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.15.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev28-6.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev17-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev2-4.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.12.1.noarch", "SUSE OpenStack Cloud 9:zookeeper-server-3.4.13-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:crowbar-core-6.0+git.1587558898.313bb9fd3-3.22.2.x86_64", "SUSE OpenStack Cloud Crowbar 9:crowbar-core-branding-upstream-6.0+git.1587558898.313bb9fd3-3.22.2.x86_64", "SUSE OpenStack Cloud Crowbar 9:crowbar-ha-6.0+git.1586256059.e6f67e1-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:crowbar-openstack-6.0+git.1587753188.da39e44a7-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-agent-central-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-agent-compute-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-agent-ipmi-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-agent-notification-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-polling-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-agent-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-api-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-central-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-producer-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-sink-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-worker-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-heat-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-heat-api-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-heat-api-cfn-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-heat-engine-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-heat-plugin-heat_docker-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-image-x86_64-9.0.0-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-manila-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-manila-api-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-manila-data-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-manila-scheduler-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-manila-share-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-api-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-cells-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-compute-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-conductor-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-console-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-novncproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-placement-api-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-scheduler-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-serialproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-vncproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-amphora-agent-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-amphora-image-x86_64-0.1.3-7.9.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-api-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-health-manager-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-housekeeping-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-worker-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-ceilometer-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-cinderclient-4.0.3-3.6.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-cinderclient-doc-4.0.3-3.6.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-designate-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-glanceclient-2.13.2-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-glanceclient-doc-2.13.2-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-heat-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-ironic-lib-2.14.3-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-ironicclient-2.5.4-4.10.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-ironicclient-doc-2.5.4-4.10.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-keystonemiddleware-5.2.2-17.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-manila-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-manila-tempest-plugin-0.1.0-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-nova-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-novaclient-11.0.1-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-novaclient-doc-11.0.1-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-octavia-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-octaviaclient-1.6.2-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-openstackclient-3.16.3-11.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-os-brick-2.5.10-3.9.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-os-brick-common-2.5.10-3.9.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-oslo.config-6.4.2-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-oslo.config-doc-6.4.2-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-oslo.rootwrap-5.14.2-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-oslo.utils-3.36.5-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-swiftclient-3.6.1-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-swiftclient-doc-3.6.1-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-watcherclient-2.1.1-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20200319-3.18.1.noarch", "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-crowbar-client-3.9.2-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:zookeeper-server-3.4.13-3.3.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", version: "3.0", }, products: [ "SUSE OpenStack Cloud 9:ardana-ansible-9.0+git.1587034359.a12678b-3.19.1.noarch", "SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1583953599.cd723bb-3.10.1.noarch", "SUSE OpenStack Cloud 9:ardana-cluster-9.0+git.1585653734.c1fe3b2-3.13.1.noarch", "SUSE OpenStack Cloud 9:ardana-db-9.0+git.1586543314.6b6aa20-3.19.1.noarch", "SUSE OpenStack Cloud 9:ardana-designate-9.0+git.1583445435.4bd1793-3.10.1.noarch", "SUSE OpenStack Cloud 9:ardana-input-model-9.0+git.1584632190.9541c56-3.16.1.noarch", "SUSE OpenStack Cloud 9:ardana-logging-9.0+git.1585929695.f35b591-3.10.1.noarch", "SUSE OpenStack Cloud 9:ardana-monasca-9.0+git.1586769889.d43d736-3.16.1.noarch", "SUSE OpenStack Cloud 9:ardana-mq-9.0+git.1586350749.a463fd2-3.13.1.noarch", "SUSE OpenStack Cloud 9:ardana-neutron-9.0+git.1587667603.507fb50-3.19.1.noarch", "SUSE OpenStack Cloud 9:ardana-octavia-9.0+git.1587486004.8e99c6b-3.16.1.noarch", "SUSE OpenStack Cloud 9:ardana-osconfig-9.0+git.1586546715.dbd07ab-3.16.1.noarch", "SUSE OpenStack Cloud 9:ardana-tempest-9.0+git.1587398456.b31cc4a-3.13.1.noarch", "SUSE OpenStack Cloud 9:ardana-tls-9.0+git.1586301209.c9413b4-3.12.1.noarch", "SUSE OpenStack Cloud 9:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud 9:openstack-ceilometer-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-ceilometer-agent-central-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-ceilometer-agent-compute-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-ceilometer-agent-ipmi-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-ceilometer-agent-notification-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-ceilometer-polling-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:openstack-designate-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-agent-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-api-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-central-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-producer-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-sink-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-worker-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-heat-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-heat-api-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-heat-api-cfn-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-heat-engine-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-heat-plugin-heat_docker-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-ironic-image-x86_64-9.0.0-3.6.1.noarch", "SUSE OpenStack Cloud 9:openstack-manila-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:openstack-manila-api-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:openstack-manila-data-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:openstack-manila-scheduler-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:openstack-manila-share-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-api-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-cells-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-compute-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-conductor-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-console-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-novncproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-placement-api-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-scheduler-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-serialproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-vncproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-amphora-agent-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-amphora-image-x86_64-0.1.3-7.9.2.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-api-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-health-manager-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-housekeeping-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-worker-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:python-ceilometer-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:python-cinderclient-4.0.3-3.6.2.noarch", "SUSE OpenStack Cloud 9:python-cinderclient-doc-4.0.3-3.6.2.noarch", "SUSE OpenStack Cloud 9:python-designate-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:python-glanceclient-2.13.2-3.3.2.noarch", "SUSE OpenStack Cloud 9:python-glanceclient-doc-2.13.2-3.3.2.noarch", "SUSE OpenStack Cloud 9:python-heat-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud 9:python-ironic-lib-2.14.3-3.6.1.noarch", "SUSE OpenStack Cloud 9:python-ironicclient-2.5.4-4.10.1.noarch", "SUSE OpenStack Cloud 9:python-ironicclient-doc-2.5.4-4.10.1.noarch", "SUSE OpenStack Cloud 9:python-keystonemiddleware-5.2.2-17.1.noarch", "SUSE OpenStack Cloud 9:python-manila-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:python-manila-tempest-plugin-0.1.0-3.6.1.noarch", "SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:python-nova-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:python-novaclient-11.0.1-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-novaclient-doc-11.0.1-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-octavia-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:python-octaviaclient-1.6.2-3.6.1.noarch", "SUSE OpenStack Cloud 9:python-openstackclient-3.16.3-11.1.noarch", "SUSE OpenStack Cloud 9:python-os-brick-2.5.10-3.9.2.noarch", "SUSE OpenStack Cloud 9:python-os-brick-common-2.5.10-3.9.2.noarch", "SUSE OpenStack Cloud 9:python-oslo.config-6.4.2-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-oslo.config-doc-6.4.2-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-oslo.rootwrap-5.14.2-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-oslo.utils-3.36.5-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-swiftclient-3.6.1-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-swiftclient-doc-3.6.1-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-watcherclient-2.1.1-3.3.1.noarch", "SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20200319-3.18.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev9-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.1~dev25-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.15.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.3~dev35-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev1-4.16.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev3-4.13.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.1.1~dev36-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev4-3.19.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.15.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev28-6.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev17-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev2-4.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.12.1.noarch", "SUSE OpenStack Cloud 9:zookeeper-server-3.4.13-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:crowbar-core-6.0+git.1587558898.313bb9fd3-3.22.2.x86_64", "SUSE OpenStack Cloud Crowbar 9:crowbar-core-branding-upstream-6.0+git.1587558898.313bb9fd3-3.22.2.x86_64", "SUSE OpenStack Cloud Crowbar 9:crowbar-ha-6.0+git.1586256059.e6f67e1-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:crowbar-openstack-6.0+git.1587753188.da39e44a7-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-agent-central-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-agent-compute-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-agent-ipmi-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-agent-notification-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-polling-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-agent-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-api-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-central-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-producer-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-sink-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-worker-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-heat-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-heat-api-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-heat-api-cfn-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-heat-engine-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-heat-plugin-heat_docker-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-image-x86_64-9.0.0-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-manila-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-manila-api-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-manila-data-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-manila-scheduler-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-manila-share-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-api-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-cells-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-compute-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-conductor-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-console-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-novncproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-placement-api-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-scheduler-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-serialproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-vncproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-amphora-agent-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-amphora-image-x86_64-0.1.3-7.9.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-api-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-health-manager-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-housekeeping-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-worker-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-ceilometer-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-cinderclient-4.0.3-3.6.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-cinderclient-doc-4.0.3-3.6.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-designate-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-glanceclient-2.13.2-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-glanceclient-doc-2.13.2-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-heat-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-ironic-lib-2.14.3-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-ironicclient-2.5.4-4.10.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-ironicclient-doc-2.5.4-4.10.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-keystonemiddleware-5.2.2-17.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-manila-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-manila-tempest-plugin-0.1.0-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-nova-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-novaclient-11.0.1-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-novaclient-doc-11.0.1-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-octavia-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-octaviaclient-1.6.2-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-openstackclient-3.16.3-11.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-os-brick-2.5.10-3.9.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-os-brick-common-2.5.10-3.9.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-oslo.config-6.4.2-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-oslo.config-doc-6.4.2-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-oslo.rootwrap-5.14.2-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-oslo.utils-3.36.5-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-swiftclient-3.6.1-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-swiftclient-doc-3.6.1-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-watcherclient-2.1.1-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20200319-3.18.1.noarch", "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-crowbar-client-3.9.2-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:zookeeper-server-3.4.13-3.3.1.noarch", ], }, ], threats: [ { category: "impact", date: "2020-05-05T11:44:39Z", details: "low", }, ], title: "CVE-2019-15026", }, { cve: "CVE-2020-5247", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-5247", }, ], notes: [ { category: "general", text: "In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters (i.e. `CR`, `LF` or`/r`, `/n`) to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is known as HTTP Response Splitting. While not an attack in itself, response splitting is a vector for several other attacks, such as cross-site scripting (XSS). This is related to CVE-2019-16254, which fixed this vulnerability for the WEBrick Ruby web server. This has been fixed in versions 4.3.2 and 3.12.3 by checking all headers for line endings and rejecting headers with those characters.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE OpenStack Cloud 9:ardana-ansible-9.0+git.1587034359.a12678b-3.19.1.noarch", "SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1583953599.cd723bb-3.10.1.noarch", "SUSE OpenStack Cloud 9:ardana-cluster-9.0+git.1585653734.c1fe3b2-3.13.1.noarch", "SUSE OpenStack Cloud 9:ardana-db-9.0+git.1586543314.6b6aa20-3.19.1.noarch", "SUSE OpenStack Cloud 9:ardana-designate-9.0+git.1583445435.4bd1793-3.10.1.noarch", "SUSE OpenStack Cloud 9:ardana-input-model-9.0+git.1584632190.9541c56-3.16.1.noarch", "SUSE OpenStack Cloud 9:ardana-logging-9.0+git.1585929695.f35b591-3.10.1.noarch", "SUSE OpenStack Cloud 9:ardana-monasca-9.0+git.1586769889.d43d736-3.16.1.noarch", "SUSE OpenStack Cloud 9:ardana-mq-9.0+git.1586350749.a463fd2-3.13.1.noarch", "SUSE OpenStack Cloud 9:ardana-neutron-9.0+git.1587667603.507fb50-3.19.1.noarch", "SUSE OpenStack Cloud 9:ardana-octavia-9.0+git.1587486004.8e99c6b-3.16.1.noarch", "SUSE OpenStack Cloud 9:ardana-osconfig-9.0+git.1586546715.dbd07ab-3.16.1.noarch", "SUSE OpenStack Cloud 9:ardana-tempest-9.0+git.1587398456.b31cc4a-3.13.1.noarch", "SUSE OpenStack Cloud 9:ardana-tls-9.0+git.1586301209.c9413b4-3.12.1.noarch", "SUSE OpenStack Cloud 9:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud 9:openstack-ceilometer-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-ceilometer-agent-central-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-ceilometer-agent-compute-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-ceilometer-agent-ipmi-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-ceilometer-agent-notification-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-ceilometer-polling-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:openstack-designate-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-agent-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-api-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-central-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-producer-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-sink-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-worker-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-heat-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-heat-api-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-heat-api-cfn-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-heat-engine-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-heat-plugin-heat_docker-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-ironic-image-x86_64-9.0.0-3.6.1.noarch", "SUSE OpenStack Cloud 9:openstack-manila-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:openstack-manila-api-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:openstack-manila-data-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:openstack-manila-scheduler-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:openstack-manila-share-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-api-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-cells-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-compute-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-conductor-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-console-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-novncproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-placement-api-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-scheduler-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-serialproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-vncproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-amphora-agent-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-amphora-image-x86_64-0.1.3-7.9.2.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-api-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-health-manager-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-housekeeping-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-worker-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:python-ceilometer-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:python-cinderclient-4.0.3-3.6.2.noarch", "SUSE OpenStack Cloud 9:python-cinderclient-doc-4.0.3-3.6.2.noarch", "SUSE OpenStack Cloud 9:python-designate-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:python-glanceclient-2.13.2-3.3.2.noarch", "SUSE OpenStack Cloud 9:python-glanceclient-doc-2.13.2-3.3.2.noarch", "SUSE OpenStack Cloud 9:python-heat-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud 9:python-ironic-lib-2.14.3-3.6.1.noarch", "SUSE OpenStack Cloud 9:python-ironicclient-2.5.4-4.10.1.noarch", "SUSE OpenStack Cloud 9:python-ironicclient-doc-2.5.4-4.10.1.noarch", "SUSE OpenStack Cloud 9:python-keystonemiddleware-5.2.2-17.1.noarch", "SUSE OpenStack Cloud 9:python-manila-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:python-manila-tempest-plugin-0.1.0-3.6.1.noarch", "SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:python-nova-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:python-novaclient-11.0.1-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-novaclient-doc-11.0.1-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-octavia-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:python-octaviaclient-1.6.2-3.6.1.noarch", "SUSE OpenStack Cloud 9:python-openstackclient-3.16.3-11.1.noarch", "SUSE OpenStack Cloud 9:python-os-brick-2.5.10-3.9.2.noarch", "SUSE OpenStack Cloud 9:python-os-brick-common-2.5.10-3.9.2.noarch", "SUSE OpenStack Cloud 9:python-oslo.config-6.4.2-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-oslo.config-doc-6.4.2-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-oslo.rootwrap-5.14.2-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-oslo.utils-3.36.5-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-swiftclient-3.6.1-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-swiftclient-doc-3.6.1-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-watcherclient-2.1.1-3.3.1.noarch", "SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20200319-3.18.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev9-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.1~dev25-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.15.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.3~dev35-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev1-4.16.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev3-4.13.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.1.1~dev36-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev4-3.19.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.15.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev28-6.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev17-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev2-4.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.12.1.noarch", "SUSE OpenStack Cloud 9:zookeeper-server-3.4.13-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:crowbar-core-6.0+git.1587558898.313bb9fd3-3.22.2.x86_64", "SUSE OpenStack Cloud Crowbar 9:crowbar-core-branding-upstream-6.0+git.1587558898.313bb9fd3-3.22.2.x86_64", "SUSE OpenStack Cloud Crowbar 9:crowbar-ha-6.0+git.1586256059.e6f67e1-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:crowbar-openstack-6.0+git.1587753188.da39e44a7-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-agent-central-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-agent-compute-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-agent-ipmi-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-agent-notification-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-polling-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-agent-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-api-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-central-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-producer-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-sink-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-worker-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-heat-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-heat-api-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-heat-api-cfn-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-heat-engine-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-heat-plugin-heat_docker-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-image-x86_64-9.0.0-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-manila-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-manila-api-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-manila-data-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-manila-scheduler-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-manila-share-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-api-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-cells-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-compute-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-conductor-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-console-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-novncproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-placement-api-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-scheduler-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-serialproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-vncproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-amphora-agent-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-amphora-image-x86_64-0.1.3-7.9.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-api-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-health-manager-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-housekeeping-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-worker-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-ceilometer-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-cinderclient-4.0.3-3.6.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-cinderclient-doc-4.0.3-3.6.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-designate-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-glanceclient-2.13.2-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-glanceclient-doc-2.13.2-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-heat-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-ironic-lib-2.14.3-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-ironicclient-2.5.4-4.10.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-ironicclient-doc-2.5.4-4.10.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-keystonemiddleware-5.2.2-17.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-manila-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-manila-tempest-plugin-0.1.0-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-nova-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-novaclient-11.0.1-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-novaclient-doc-11.0.1-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-octavia-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-octaviaclient-1.6.2-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-openstackclient-3.16.3-11.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-os-brick-2.5.10-3.9.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-os-brick-common-2.5.10-3.9.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-oslo.config-6.4.2-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-oslo.config-doc-6.4.2-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-oslo.rootwrap-5.14.2-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-oslo.utils-3.36.5-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-swiftclient-3.6.1-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-swiftclient-doc-3.6.1-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-watcherclient-2.1.1-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20200319-3.18.1.noarch", "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-crowbar-client-3.9.2-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:zookeeper-server-3.4.13-3.3.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2020-5247", url: "https://www.suse.com/security/cve/CVE-2020-5247", }, { category: "external", summary: "SUSE Bug 1165402 for CVE-2020-5247", url: "https://bugzilla.suse.com/1165402", }, { category: "external", summary: "SUSE Bug 1165524 for CVE-2020-5247", url: "https://bugzilla.suse.com/1165524", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE OpenStack Cloud 9:ardana-ansible-9.0+git.1587034359.a12678b-3.19.1.noarch", "SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1583953599.cd723bb-3.10.1.noarch", "SUSE OpenStack Cloud 9:ardana-cluster-9.0+git.1585653734.c1fe3b2-3.13.1.noarch", "SUSE OpenStack Cloud 9:ardana-db-9.0+git.1586543314.6b6aa20-3.19.1.noarch", "SUSE OpenStack Cloud 9:ardana-designate-9.0+git.1583445435.4bd1793-3.10.1.noarch", "SUSE OpenStack Cloud 9:ardana-input-model-9.0+git.1584632190.9541c56-3.16.1.noarch", "SUSE OpenStack Cloud 9:ardana-logging-9.0+git.1585929695.f35b591-3.10.1.noarch", "SUSE OpenStack Cloud 9:ardana-monasca-9.0+git.1586769889.d43d736-3.16.1.noarch", "SUSE OpenStack Cloud 9:ardana-mq-9.0+git.1586350749.a463fd2-3.13.1.noarch", "SUSE OpenStack Cloud 9:ardana-neutron-9.0+git.1587667603.507fb50-3.19.1.noarch", "SUSE OpenStack Cloud 9:ardana-octavia-9.0+git.1587486004.8e99c6b-3.16.1.noarch", "SUSE OpenStack Cloud 9:ardana-osconfig-9.0+git.1586546715.dbd07ab-3.16.1.noarch", "SUSE OpenStack Cloud 9:ardana-tempest-9.0+git.1587398456.b31cc4a-3.13.1.noarch", "SUSE OpenStack Cloud 9:ardana-tls-9.0+git.1586301209.c9413b4-3.12.1.noarch", "SUSE OpenStack Cloud 9:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud 9:openstack-ceilometer-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-ceilometer-agent-central-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-ceilometer-agent-compute-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-ceilometer-agent-ipmi-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-ceilometer-agent-notification-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-ceilometer-polling-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:openstack-designate-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-agent-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-api-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-central-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-producer-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-sink-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-worker-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-heat-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-heat-api-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-heat-api-cfn-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-heat-engine-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-heat-plugin-heat_docker-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-ironic-image-x86_64-9.0.0-3.6.1.noarch", "SUSE OpenStack Cloud 9:openstack-manila-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:openstack-manila-api-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:openstack-manila-data-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:openstack-manila-scheduler-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:openstack-manila-share-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-api-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-cells-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-compute-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-conductor-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-console-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-novncproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-placement-api-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-scheduler-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-serialproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-vncproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-amphora-agent-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-amphora-image-x86_64-0.1.3-7.9.2.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-api-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-health-manager-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-housekeeping-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-worker-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:python-ceilometer-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:python-cinderclient-4.0.3-3.6.2.noarch", "SUSE OpenStack Cloud 9:python-cinderclient-doc-4.0.3-3.6.2.noarch", "SUSE OpenStack Cloud 9:python-designate-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:python-glanceclient-2.13.2-3.3.2.noarch", "SUSE OpenStack Cloud 9:python-glanceclient-doc-2.13.2-3.3.2.noarch", "SUSE OpenStack Cloud 9:python-heat-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud 9:python-ironic-lib-2.14.3-3.6.1.noarch", "SUSE OpenStack Cloud 9:python-ironicclient-2.5.4-4.10.1.noarch", "SUSE OpenStack Cloud 9:python-ironicclient-doc-2.5.4-4.10.1.noarch", "SUSE OpenStack Cloud 9:python-keystonemiddleware-5.2.2-17.1.noarch", "SUSE OpenStack Cloud 9:python-manila-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:python-manila-tempest-plugin-0.1.0-3.6.1.noarch", "SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:python-nova-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:python-novaclient-11.0.1-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-novaclient-doc-11.0.1-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-octavia-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:python-octaviaclient-1.6.2-3.6.1.noarch", "SUSE OpenStack Cloud 9:python-openstackclient-3.16.3-11.1.noarch", "SUSE OpenStack Cloud 9:python-os-brick-2.5.10-3.9.2.noarch", "SUSE OpenStack Cloud 9:python-os-brick-common-2.5.10-3.9.2.noarch", "SUSE OpenStack Cloud 9:python-oslo.config-6.4.2-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-oslo.config-doc-6.4.2-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-oslo.rootwrap-5.14.2-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-oslo.utils-3.36.5-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-swiftclient-3.6.1-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-swiftclient-doc-3.6.1-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-watcherclient-2.1.1-3.3.1.noarch", "SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20200319-3.18.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev9-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.1~dev25-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.15.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.3~dev35-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev1-4.16.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev3-4.13.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.1.1~dev36-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev4-3.19.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.15.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev28-6.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev17-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev2-4.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.12.1.noarch", "SUSE OpenStack Cloud 9:zookeeper-server-3.4.13-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:crowbar-core-6.0+git.1587558898.313bb9fd3-3.22.2.x86_64", "SUSE OpenStack Cloud Crowbar 9:crowbar-core-branding-upstream-6.0+git.1587558898.313bb9fd3-3.22.2.x86_64", "SUSE OpenStack Cloud Crowbar 9:crowbar-ha-6.0+git.1586256059.e6f67e1-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:crowbar-openstack-6.0+git.1587753188.da39e44a7-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-agent-central-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-agent-compute-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-agent-ipmi-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-agent-notification-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-polling-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-agent-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-api-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-central-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-producer-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-sink-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-worker-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-heat-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-heat-api-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-heat-api-cfn-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-heat-engine-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-heat-plugin-heat_docker-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-image-x86_64-9.0.0-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-manila-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-manila-api-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-manila-data-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-manila-scheduler-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-manila-share-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-api-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-cells-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-compute-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-conductor-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-console-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-novncproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-placement-api-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-scheduler-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-serialproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-vncproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-amphora-agent-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-amphora-image-x86_64-0.1.3-7.9.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-api-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-health-manager-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-housekeeping-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-worker-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-ceilometer-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-cinderclient-4.0.3-3.6.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-cinderclient-doc-4.0.3-3.6.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-designate-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-glanceclient-2.13.2-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-glanceclient-doc-2.13.2-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-heat-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-ironic-lib-2.14.3-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-ironicclient-2.5.4-4.10.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-ironicclient-doc-2.5.4-4.10.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-keystonemiddleware-5.2.2-17.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-manila-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-manila-tempest-plugin-0.1.0-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-nova-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-novaclient-11.0.1-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-novaclient-doc-11.0.1-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-octavia-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-octaviaclient-1.6.2-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-openstackclient-3.16.3-11.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-os-brick-2.5.10-3.9.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-os-brick-common-2.5.10-3.9.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-oslo.config-6.4.2-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-oslo.config-doc-6.4.2-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-oslo.rootwrap-5.14.2-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-oslo.utils-3.36.5-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-swiftclient-3.6.1-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-swiftclient-doc-3.6.1-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-watcherclient-2.1.1-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20200319-3.18.1.noarch", "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-crowbar-client-3.9.2-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:zookeeper-server-3.4.13-3.3.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "SUSE OpenStack Cloud 9:ardana-ansible-9.0+git.1587034359.a12678b-3.19.1.noarch", "SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1583953599.cd723bb-3.10.1.noarch", "SUSE OpenStack Cloud 9:ardana-cluster-9.0+git.1585653734.c1fe3b2-3.13.1.noarch", "SUSE OpenStack Cloud 9:ardana-db-9.0+git.1586543314.6b6aa20-3.19.1.noarch", "SUSE OpenStack Cloud 9:ardana-designate-9.0+git.1583445435.4bd1793-3.10.1.noarch", "SUSE OpenStack Cloud 9:ardana-input-model-9.0+git.1584632190.9541c56-3.16.1.noarch", "SUSE OpenStack Cloud 9:ardana-logging-9.0+git.1585929695.f35b591-3.10.1.noarch", "SUSE OpenStack Cloud 9:ardana-monasca-9.0+git.1586769889.d43d736-3.16.1.noarch", "SUSE OpenStack Cloud 9:ardana-mq-9.0+git.1586350749.a463fd2-3.13.1.noarch", "SUSE OpenStack Cloud 9:ardana-neutron-9.0+git.1587667603.507fb50-3.19.1.noarch", "SUSE OpenStack Cloud 9:ardana-octavia-9.0+git.1587486004.8e99c6b-3.16.1.noarch", "SUSE OpenStack Cloud 9:ardana-osconfig-9.0+git.1586546715.dbd07ab-3.16.1.noarch", "SUSE OpenStack Cloud 9:ardana-tempest-9.0+git.1587398456.b31cc4a-3.13.1.noarch", "SUSE OpenStack Cloud 9:ardana-tls-9.0+git.1586301209.c9413b4-3.12.1.noarch", "SUSE OpenStack Cloud 9:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud 9:openstack-ceilometer-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-ceilometer-agent-central-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-ceilometer-agent-compute-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-ceilometer-agent-ipmi-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-ceilometer-agent-notification-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-ceilometer-polling-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:openstack-designate-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-agent-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-api-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-central-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-producer-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-sink-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-worker-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-heat-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-heat-api-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-heat-api-cfn-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-heat-engine-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-heat-plugin-heat_docker-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-ironic-image-x86_64-9.0.0-3.6.1.noarch", "SUSE OpenStack Cloud 9:openstack-manila-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:openstack-manila-api-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:openstack-manila-data-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:openstack-manila-scheduler-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:openstack-manila-share-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-api-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-cells-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-compute-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-conductor-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-console-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-novncproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-placement-api-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-scheduler-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-serialproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-vncproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-amphora-agent-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-amphora-image-x86_64-0.1.3-7.9.2.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-api-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-health-manager-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-housekeeping-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-worker-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:python-ceilometer-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:python-cinderclient-4.0.3-3.6.2.noarch", "SUSE OpenStack Cloud 9:python-cinderclient-doc-4.0.3-3.6.2.noarch", "SUSE OpenStack Cloud 9:python-designate-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:python-glanceclient-2.13.2-3.3.2.noarch", "SUSE OpenStack Cloud 9:python-glanceclient-doc-2.13.2-3.3.2.noarch", "SUSE OpenStack Cloud 9:python-heat-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud 9:python-ironic-lib-2.14.3-3.6.1.noarch", "SUSE OpenStack Cloud 9:python-ironicclient-2.5.4-4.10.1.noarch", "SUSE OpenStack Cloud 9:python-ironicclient-doc-2.5.4-4.10.1.noarch", "SUSE OpenStack Cloud 9:python-keystonemiddleware-5.2.2-17.1.noarch", "SUSE OpenStack Cloud 9:python-manila-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:python-manila-tempest-plugin-0.1.0-3.6.1.noarch", "SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:python-nova-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:python-novaclient-11.0.1-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-novaclient-doc-11.0.1-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-octavia-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:python-octaviaclient-1.6.2-3.6.1.noarch", "SUSE OpenStack Cloud 9:python-openstackclient-3.16.3-11.1.noarch", "SUSE OpenStack Cloud 9:python-os-brick-2.5.10-3.9.2.noarch", "SUSE OpenStack Cloud 9:python-os-brick-common-2.5.10-3.9.2.noarch", "SUSE OpenStack Cloud 9:python-oslo.config-6.4.2-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-oslo.config-doc-6.4.2-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-oslo.rootwrap-5.14.2-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-oslo.utils-3.36.5-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-swiftclient-3.6.1-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-swiftclient-doc-3.6.1-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-watcherclient-2.1.1-3.3.1.noarch", "SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20200319-3.18.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev9-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.1~dev25-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.15.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.3~dev35-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev1-4.16.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev3-4.13.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.1.1~dev36-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev4-3.19.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.15.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev28-6.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev17-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev2-4.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.12.1.noarch", "SUSE OpenStack Cloud 9:zookeeper-server-3.4.13-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:crowbar-core-6.0+git.1587558898.313bb9fd3-3.22.2.x86_64", "SUSE OpenStack Cloud Crowbar 9:crowbar-core-branding-upstream-6.0+git.1587558898.313bb9fd3-3.22.2.x86_64", "SUSE OpenStack Cloud Crowbar 9:crowbar-ha-6.0+git.1586256059.e6f67e1-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:crowbar-openstack-6.0+git.1587753188.da39e44a7-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-agent-central-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-agent-compute-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-agent-ipmi-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-agent-notification-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-polling-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-agent-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-api-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-central-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-producer-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-sink-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-worker-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-heat-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-heat-api-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-heat-api-cfn-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-heat-engine-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-heat-plugin-heat_docker-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-image-x86_64-9.0.0-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-manila-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-manila-api-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-manila-data-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-manila-scheduler-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-manila-share-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-api-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-cells-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-compute-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-conductor-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-console-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-novncproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-placement-api-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-scheduler-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-serialproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-vncproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-amphora-agent-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-amphora-image-x86_64-0.1.3-7.9.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-api-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-health-manager-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-housekeeping-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-worker-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-ceilometer-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-cinderclient-4.0.3-3.6.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-cinderclient-doc-4.0.3-3.6.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-designate-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-glanceclient-2.13.2-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-glanceclient-doc-2.13.2-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-heat-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-ironic-lib-2.14.3-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-ironicclient-2.5.4-4.10.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-ironicclient-doc-2.5.4-4.10.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-keystonemiddleware-5.2.2-17.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-manila-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-manila-tempest-plugin-0.1.0-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-nova-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-novaclient-11.0.1-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-novaclient-doc-11.0.1-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-octavia-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-octaviaclient-1.6.2-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-openstackclient-3.16.3-11.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-os-brick-2.5.10-3.9.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-os-brick-common-2.5.10-3.9.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-oslo.config-6.4.2-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-oslo.config-doc-6.4.2-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-oslo.rootwrap-5.14.2-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-oslo.utils-3.36.5-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-swiftclient-3.6.1-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-swiftclient-doc-3.6.1-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-watcherclient-2.1.1-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20200319-3.18.1.noarch", "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-crowbar-client-3.9.2-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:zookeeper-server-3.4.13-3.3.1.noarch", ], }, ], threats: [ { category: "impact", date: "2020-05-05T11:44:39Z", details: "moderate", }, ], title: "CVE-2020-5247", }, { cve: "CVE-2020-9543", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-9543", }, ], notes: [ { category: "general", text: "OpenStack Manila <7.4.1, >=8.0.0 <8.1.1, and >=9.0.0 <9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Attackers may also create resources, such as shared file systems and groups of shares on such share networks.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE OpenStack Cloud 9:ardana-ansible-9.0+git.1587034359.a12678b-3.19.1.noarch", "SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1583953599.cd723bb-3.10.1.noarch", "SUSE OpenStack Cloud 9:ardana-cluster-9.0+git.1585653734.c1fe3b2-3.13.1.noarch", "SUSE OpenStack Cloud 9:ardana-db-9.0+git.1586543314.6b6aa20-3.19.1.noarch", "SUSE OpenStack Cloud 9:ardana-designate-9.0+git.1583445435.4bd1793-3.10.1.noarch", "SUSE OpenStack Cloud 9:ardana-input-model-9.0+git.1584632190.9541c56-3.16.1.noarch", "SUSE OpenStack Cloud 9:ardana-logging-9.0+git.1585929695.f35b591-3.10.1.noarch", "SUSE OpenStack Cloud 9:ardana-monasca-9.0+git.1586769889.d43d736-3.16.1.noarch", "SUSE OpenStack Cloud 9:ardana-mq-9.0+git.1586350749.a463fd2-3.13.1.noarch", "SUSE OpenStack Cloud 9:ardana-neutron-9.0+git.1587667603.507fb50-3.19.1.noarch", "SUSE OpenStack Cloud 9:ardana-octavia-9.0+git.1587486004.8e99c6b-3.16.1.noarch", "SUSE OpenStack Cloud 9:ardana-osconfig-9.0+git.1586546715.dbd07ab-3.16.1.noarch", "SUSE OpenStack Cloud 9:ardana-tempest-9.0+git.1587398456.b31cc4a-3.13.1.noarch", "SUSE OpenStack Cloud 9:ardana-tls-9.0+git.1586301209.c9413b4-3.12.1.noarch", "SUSE OpenStack Cloud 9:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud 9:openstack-ceilometer-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-ceilometer-agent-central-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-ceilometer-agent-compute-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-ceilometer-agent-ipmi-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-ceilometer-agent-notification-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-ceilometer-polling-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:openstack-designate-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-agent-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-api-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-central-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-producer-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-sink-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-worker-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-heat-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-heat-api-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-heat-api-cfn-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-heat-engine-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-heat-plugin-heat_docker-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-ironic-image-x86_64-9.0.0-3.6.1.noarch", "SUSE OpenStack Cloud 9:openstack-manila-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:openstack-manila-api-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:openstack-manila-data-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:openstack-manila-scheduler-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:openstack-manila-share-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-api-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-cells-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-compute-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-conductor-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-console-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-novncproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-placement-api-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-scheduler-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-serialproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-vncproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-amphora-agent-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-amphora-image-x86_64-0.1.3-7.9.2.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-api-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-health-manager-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-housekeeping-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-worker-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:python-ceilometer-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:python-cinderclient-4.0.3-3.6.2.noarch", "SUSE OpenStack Cloud 9:python-cinderclient-doc-4.0.3-3.6.2.noarch", "SUSE OpenStack Cloud 9:python-designate-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:python-glanceclient-2.13.2-3.3.2.noarch", "SUSE OpenStack Cloud 9:python-glanceclient-doc-2.13.2-3.3.2.noarch", "SUSE OpenStack Cloud 9:python-heat-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud 9:python-ironic-lib-2.14.3-3.6.1.noarch", "SUSE OpenStack Cloud 9:python-ironicclient-2.5.4-4.10.1.noarch", "SUSE OpenStack Cloud 9:python-ironicclient-doc-2.5.4-4.10.1.noarch", "SUSE OpenStack Cloud 9:python-keystonemiddleware-5.2.2-17.1.noarch", "SUSE OpenStack Cloud 9:python-manila-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:python-manila-tempest-plugin-0.1.0-3.6.1.noarch", "SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:python-nova-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:python-novaclient-11.0.1-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-novaclient-doc-11.0.1-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-octavia-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:python-octaviaclient-1.6.2-3.6.1.noarch", "SUSE OpenStack Cloud 9:python-openstackclient-3.16.3-11.1.noarch", "SUSE OpenStack Cloud 9:python-os-brick-2.5.10-3.9.2.noarch", "SUSE OpenStack Cloud 9:python-os-brick-common-2.5.10-3.9.2.noarch", "SUSE OpenStack Cloud 9:python-oslo.config-6.4.2-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-oslo.config-doc-6.4.2-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-oslo.rootwrap-5.14.2-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-oslo.utils-3.36.5-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-swiftclient-3.6.1-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-swiftclient-doc-3.6.1-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-watcherclient-2.1.1-3.3.1.noarch", "SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20200319-3.18.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev9-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.1~dev25-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.15.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.3~dev35-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev1-4.16.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev3-4.13.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.1.1~dev36-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev4-3.19.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.15.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev28-6.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev17-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev2-4.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.12.1.noarch", "SUSE OpenStack Cloud 9:zookeeper-server-3.4.13-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:crowbar-core-6.0+git.1587558898.313bb9fd3-3.22.2.x86_64", "SUSE OpenStack Cloud Crowbar 9:crowbar-core-branding-upstream-6.0+git.1587558898.313bb9fd3-3.22.2.x86_64", "SUSE OpenStack Cloud Crowbar 9:crowbar-ha-6.0+git.1586256059.e6f67e1-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:crowbar-openstack-6.0+git.1587753188.da39e44a7-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-agent-central-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-agent-compute-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-agent-ipmi-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-agent-notification-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-polling-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-agent-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-api-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-central-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-producer-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-sink-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-worker-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-heat-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-heat-api-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-heat-api-cfn-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-heat-engine-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-heat-plugin-heat_docker-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-image-x86_64-9.0.0-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-manila-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-manila-api-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-manila-data-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-manila-scheduler-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-manila-share-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-api-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-cells-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-compute-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-conductor-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-console-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-novncproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-placement-api-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-scheduler-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-serialproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-vncproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-amphora-agent-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-amphora-image-x86_64-0.1.3-7.9.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-api-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-health-manager-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-housekeeping-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-worker-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-ceilometer-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-cinderclient-4.0.3-3.6.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-cinderclient-doc-4.0.3-3.6.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-designate-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-glanceclient-2.13.2-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-glanceclient-doc-2.13.2-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-heat-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-ironic-lib-2.14.3-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-ironicclient-2.5.4-4.10.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-ironicclient-doc-2.5.4-4.10.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-keystonemiddleware-5.2.2-17.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-manila-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-manila-tempest-plugin-0.1.0-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-nova-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-novaclient-11.0.1-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-novaclient-doc-11.0.1-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-octavia-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-octaviaclient-1.6.2-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-openstackclient-3.16.3-11.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-os-brick-2.5.10-3.9.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-os-brick-common-2.5.10-3.9.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-oslo.config-6.4.2-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-oslo.config-doc-6.4.2-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-oslo.rootwrap-5.14.2-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-oslo.utils-3.36.5-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-swiftclient-3.6.1-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-swiftclient-doc-3.6.1-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-watcherclient-2.1.1-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20200319-3.18.1.noarch", "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-crowbar-client-3.9.2-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:zookeeper-server-3.4.13-3.3.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2020-9543", url: "https://www.suse.com/security/cve/CVE-2020-9543", }, { category: "external", summary: "SUSE Bug 1165643 for CVE-2020-9543", url: "https://bugzilla.suse.com/1165643", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE OpenStack Cloud 9:ardana-ansible-9.0+git.1587034359.a12678b-3.19.1.noarch", "SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1583953599.cd723bb-3.10.1.noarch", "SUSE OpenStack Cloud 9:ardana-cluster-9.0+git.1585653734.c1fe3b2-3.13.1.noarch", "SUSE OpenStack Cloud 9:ardana-db-9.0+git.1586543314.6b6aa20-3.19.1.noarch", "SUSE OpenStack Cloud 9:ardana-designate-9.0+git.1583445435.4bd1793-3.10.1.noarch", "SUSE OpenStack Cloud 9:ardana-input-model-9.0+git.1584632190.9541c56-3.16.1.noarch", "SUSE OpenStack Cloud 9:ardana-logging-9.0+git.1585929695.f35b591-3.10.1.noarch", "SUSE OpenStack Cloud 9:ardana-monasca-9.0+git.1586769889.d43d736-3.16.1.noarch", "SUSE OpenStack Cloud 9:ardana-mq-9.0+git.1586350749.a463fd2-3.13.1.noarch", "SUSE OpenStack Cloud 9:ardana-neutron-9.0+git.1587667603.507fb50-3.19.1.noarch", "SUSE OpenStack Cloud 9:ardana-octavia-9.0+git.1587486004.8e99c6b-3.16.1.noarch", "SUSE OpenStack Cloud 9:ardana-osconfig-9.0+git.1586546715.dbd07ab-3.16.1.noarch", "SUSE OpenStack Cloud 9:ardana-tempest-9.0+git.1587398456.b31cc4a-3.13.1.noarch", "SUSE OpenStack Cloud 9:ardana-tls-9.0+git.1586301209.c9413b4-3.12.1.noarch", "SUSE OpenStack Cloud 9:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud 9:openstack-ceilometer-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-ceilometer-agent-central-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-ceilometer-agent-compute-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-ceilometer-agent-ipmi-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-ceilometer-agent-notification-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-ceilometer-polling-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:openstack-designate-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-agent-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-api-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-central-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-producer-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-sink-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-worker-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-heat-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-heat-api-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-heat-api-cfn-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-heat-engine-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-heat-plugin-heat_docker-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-ironic-image-x86_64-9.0.0-3.6.1.noarch", "SUSE OpenStack Cloud 9:openstack-manila-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:openstack-manila-api-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:openstack-manila-data-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:openstack-manila-scheduler-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:openstack-manila-share-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-api-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-cells-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-compute-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-conductor-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-console-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-novncproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-placement-api-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-scheduler-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-serialproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-vncproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-amphora-agent-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-amphora-image-x86_64-0.1.3-7.9.2.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-api-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-health-manager-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-housekeeping-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-worker-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:python-ceilometer-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:python-cinderclient-4.0.3-3.6.2.noarch", "SUSE OpenStack Cloud 9:python-cinderclient-doc-4.0.3-3.6.2.noarch", "SUSE OpenStack Cloud 9:python-designate-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:python-glanceclient-2.13.2-3.3.2.noarch", "SUSE OpenStack Cloud 9:python-glanceclient-doc-2.13.2-3.3.2.noarch", "SUSE OpenStack Cloud 9:python-heat-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud 9:python-ironic-lib-2.14.3-3.6.1.noarch", "SUSE OpenStack Cloud 9:python-ironicclient-2.5.4-4.10.1.noarch", "SUSE OpenStack Cloud 9:python-ironicclient-doc-2.5.4-4.10.1.noarch", "SUSE OpenStack Cloud 9:python-keystonemiddleware-5.2.2-17.1.noarch", "SUSE OpenStack Cloud 9:python-manila-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:python-manila-tempest-plugin-0.1.0-3.6.1.noarch", "SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:python-nova-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:python-novaclient-11.0.1-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-novaclient-doc-11.0.1-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-octavia-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:python-octaviaclient-1.6.2-3.6.1.noarch", "SUSE OpenStack Cloud 9:python-openstackclient-3.16.3-11.1.noarch", "SUSE OpenStack Cloud 9:python-os-brick-2.5.10-3.9.2.noarch", "SUSE OpenStack Cloud 9:python-os-brick-common-2.5.10-3.9.2.noarch", "SUSE OpenStack Cloud 9:python-oslo.config-6.4.2-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-oslo.config-doc-6.4.2-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-oslo.rootwrap-5.14.2-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-oslo.utils-3.36.5-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-swiftclient-3.6.1-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-swiftclient-doc-3.6.1-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-watcherclient-2.1.1-3.3.1.noarch", "SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20200319-3.18.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev9-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.1~dev25-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.15.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.3~dev35-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev1-4.16.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev3-4.13.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.1.1~dev36-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev4-3.19.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.15.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev28-6.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev17-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev2-4.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.12.1.noarch", "SUSE OpenStack Cloud 9:zookeeper-server-3.4.13-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:crowbar-core-6.0+git.1587558898.313bb9fd3-3.22.2.x86_64", "SUSE OpenStack Cloud Crowbar 9:crowbar-core-branding-upstream-6.0+git.1587558898.313bb9fd3-3.22.2.x86_64", "SUSE OpenStack Cloud Crowbar 9:crowbar-ha-6.0+git.1586256059.e6f67e1-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:crowbar-openstack-6.0+git.1587753188.da39e44a7-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-agent-central-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-agent-compute-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-agent-ipmi-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-agent-notification-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-polling-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-agent-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-api-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-central-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-producer-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-sink-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-worker-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-heat-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-heat-api-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-heat-api-cfn-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-heat-engine-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-heat-plugin-heat_docker-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-image-x86_64-9.0.0-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-manila-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-manila-api-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-manila-data-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-manila-scheduler-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-manila-share-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-api-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-cells-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-compute-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-conductor-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-console-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-novncproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-placement-api-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-scheduler-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-serialproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-vncproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-amphora-agent-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-amphora-image-x86_64-0.1.3-7.9.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-api-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-health-manager-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-housekeeping-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-worker-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-ceilometer-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-cinderclient-4.0.3-3.6.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-cinderclient-doc-4.0.3-3.6.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-designate-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-glanceclient-2.13.2-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-glanceclient-doc-2.13.2-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-heat-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-ironic-lib-2.14.3-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-ironicclient-2.5.4-4.10.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-ironicclient-doc-2.5.4-4.10.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-keystonemiddleware-5.2.2-17.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-manila-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-manila-tempest-plugin-0.1.0-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-nova-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-novaclient-11.0.1-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-novaclient-doc-11.0.1-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-octavia-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-octaviaclient-1.6.2-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-openstackclient-3.16.3-11.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-os-brick-2.5.10-3.9.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-os-brick-common-2.5.10-3.9.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-oslo.config-6.4.2-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-oslo.config-doc-6.4.2-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-oslo.rootwrap-5.14.2-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-oslo.utils-3.36.5-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-swiftclient-3.6.1-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-swiftclient-doc-3.6.1-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-watcherclient-2.1.1-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20200319-3.18.1.noarch", "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-crowbar-client-3.9.2-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:zookeeper-server-3.4.13-3.3.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE OpenStack Cloud 9:ardana-ansible-9.0+git.1587034359.a12678b-3.19.1.noarch", "SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1583953599.cd723bb-3.10.1.noarch", "SUSE OpenStack Cloud 9:ardana-cluster-9.0+git.1585653734.c1fe3b2-3.13.1.noarch", "SUSE OpenStack Cloud 9:ardana-db-9.0+git.1586543314.6b6aa20-3.19.1.noarch", "SUSE OpenStack Cloud 9:ardana-designate-9.0+git.1583445435.4bd1793-3.10.1.noarch", "SUSE OpenStack Cloud 9:ardana-input-model-9.0+git.1584632190.9541c56-3.16.1.noarch", "SUSE OpenStack Cloud 9:ardana-logging-9.0+git.1585929695.f35b591-3.10.1.noarch", "SUSE OpenStack Cloud 9:ardana-monasca-9.0+git.1586769889.d43d736-3.16.1.noarch", "SUSE OpenStack Cloud 9:ardana-mq-9.0+git.1586350749.a463fd2-3.13.1.noarch", "SUSE OpenStack Cloud 9:ardana-neutron-9.0+git.1587667603.507fb50-3.19.1.noarch", "SUSE OpenStack Cloud 9:ardana-octavia-9.0+git.1587486004.8e99c6b-3.16.1.noarch", "SUSE OpenStack Cloud 9:ardana-osconfig-9.0+git.1586546715.dbd07ab-3.16.1.noarch", "SUSE OpenStack Cloud 9:ardana-tempest-9.0+git.1587398456.b31cc4a-3.13.1.noarch", "SUSE OpenStack Cloud 9:ardana-tls-9.0+git.1586301209.c9413b4-3.12.1.noarch", "SUSE OpenStack Cloud 9:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud 9:openstack-ceilometer-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-ceilometer-agent-central-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-ceilometer-agent-compute-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-ceilometer-agent-ipmi-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-ceilometer-agent-notification-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-ceilometer-polling-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:openstack-designate-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-agent-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-api-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-central-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-producer-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-sink-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-designate-worker-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:openstack-heat-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-heat-api-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-heat-api-cfn-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-heat-engine-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-heat-plugin-heat_docker-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud 9:openstack-ironic-image-x86_64-9.0.0-3.6.1.noarch", "SUSE OpenStack Cloud 9:openstack-manila-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:openstack-manila-api-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:openstack-manila-data-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:openstack-manila-scheduler-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:openstack-manila-share-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-api-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-cells-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-compute-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-conductor-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-console-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-novncproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-placement-api-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-scheduler-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-serialproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-nova-vncproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-amphora-agent-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-amphora-image-x86_64-0.1.3-7.9.2.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-api-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-health-manager-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-housekeeping-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:openstack-octavia-worker-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:python-ceilometer-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud 9:python-cinderclient-4.0.3-3.6.2.noarch", "SUSE OpenStack Cloud 9:python-cinderclient-doc-4.0.3-3.6.2.noarch", "SUSE OpenStack Cloud 9:python-designate-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud 9:python-glanceclient-2.13.2-3.3.2.noarch", "SUSE OpenStack Cloud 9:python-glanceclient-doc-2.13.2-3.3.2.noarch", "SUSE OpenStack Cloud 9:python-heat-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud 9:python-ironic-lib-2.14.3-3.6.1.noarch", "SUSE OpenStack Cloud 9:python-ironicclient-2.5.4-4.10.1.noarch", "SUSE OpenStack Cloud 9:python-ironicclient-doc-2.5.4-4.10.1.noarch", "SUSE OpenStack Cloud 9:python-keystonemiddleware-5.2.2-17.1.noarch", "SUSE OpenStack Cloud 9:python-manila-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud 9:python-manila-tempest-plugin-0.1.0-3.6.1.noarch", "SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud 9:python-nova-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud 9:python-novaclient-11.0.1-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-novaclient-doc-11.0.1-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-octavia-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud 9:python-octaviaclient-1.6.2-3.6.1.noarch", "SUSE OpenStack Cloud 9:python-openstackclient-3.16.3-11.1.noarch", "SUSE OpenStack Cloud 9:python-os-brick-2.5.10-3.9.2.noarch", "SUSE OpenStack Cloud 9:python-os-brick-common-2.5.10-3.9.2.noarch", "SUSE OpenStack Cloud 9:python-oslo.config-6.4.2-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-oslo.config-doc-6.4.2-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-oslo.rootwrap-5.14.2-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-oslo.utils-3.36.5-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-swiftclient-3.6.1-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-swiftclient-doc-3.6.1-3.3.1.noarch", "SUSE OpenStack Cloud 9:python-watcherclient-2.1.1-3.3.1.noarch", "SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20200319-3.18.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev9-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.1~dev25-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.15.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.3~dev35-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev1-4.16.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev3-4.13.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.1.1~dev36-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev4-3.19.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.15.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev28-6.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev17-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev2-4.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.17.1.noarch", "SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.12.1.noarch", "SUSE OpenStack Cloud 9:zookeeper-server-3.4.13-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:crowbar-core-6.0+git.1587558898.313bb9fd3-3.22.2.x86_64", "SUSE OpenStack Cloud Crowbar 9:crowbar-core-branding-upstream-6.0+git.1587558898.313bb9fd3-3.22.2.x86_64", "SUSE OpenStack Cloud Crowbar 9:crowbar-ha-6.0+git.1586256059.e6f67e1-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:crowbar-openstack-6.0+git.1587753188.da39e44a7-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:memcached-1.5.17-3.3.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-agent-central-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-agent-compute-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-agent-ipmi-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-agent-notification-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ceilometer-polling-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-agent-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-api-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-central-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-producer-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-sink-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-designate-worker-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-heat-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-heat-api-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-heat-api-cfn-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-heat-engine-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-heat-plugin-heat_docker-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-image-x86_64-9.0.0-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-manila-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-manila-api-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-manila-data-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-manila-scheduler-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-manila-share-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-api-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-cells-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-compute-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-conductor-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-console-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-novncproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-placement-api-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-scheduler-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-serialproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-nova-vncproxy-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-amphora-agent-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-amphora-image-x86_64-0.1.3-7.9.2.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-api-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-health-manager-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-housekeeping-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:openstack-octavia-worker-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-ceilometer-11.1.1~dev5-3.13.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev9-3.19.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-cinderclient-4.0.3-3.6.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-cinderclient-doc-4.0.3-3.6.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-designate-7.0.1~dev25-3.16.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-glanceclient-2.13.2-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-glanceclient-doc-2.13.2-3.3.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-heat-11.0.3~dev35-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev3-3.16.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-ironic-lib-2.14.3-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-ironicclient-2.5.4-4.10.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-ironicclient-doc-2.5.4-4.10.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-keystonemiddleware-5.2.2-17.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-manila-7.4.2~dev4-4.21.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-manila-tempest-plugin-0.1.0-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev28-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-nova-18.3.1~dev17-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-novaclient-11.0.1-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-novaclient-doc-11.0.1-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-octavia-3.2.3~dev2-3.22.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-octaviaclient-1.6.2-3.6.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-openstackclient-3.16.3-11.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-os-brick-2.5.10-3.9.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-os-brick-common-2.5.10-3.9.2.noarch", "SUSE OpenStack Cloud Crowbar 9:python-oslo.config-6.4.2-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-oslo.config-doc-6.4.2-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-oslo.rootwrap-5.14.2-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-oslo.utils-3.36.5-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-swiftclient-3.6.1-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-swiftclient-doc-3.6.1-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:python-watcherclient-2.1.1-3.3.1.noarch", "SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20200319-3.18.1.noarch", "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-crowbar-client-3.9.2-3.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-puma-2.16.0-4.6.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:zookeeper-server-3.4.13-3.3.1.noarch", ], }, ], threats: [ { category: "impact", date: "2020-05-05T11:44:39Z", details: "important", }, ], title: "CVE-2020-9543", }, ], }
rhsa-2019:3140
Vulnerability from csaf_redhat
Published
2019-10-17 14:54
Modified
2025-01-19 19:46
Summary
Red Hat Security Advisory: Red Hat JBoss Data Virtualization 6.4.8 security update
Notes
Topic
An update is now available for Red Hat JBoss Data Virtualization.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Data Virtualization is a lean data integration solution that provides easy, real-time, and unified data access across disparate sources to multiple applications and users. JBoss Data Virtualization makes data spread across physically distinct systems - such as multiple databases, XML files, and even Hadoop systems - appear as a set of tables in a local database.
This release of Red Hat JBoss Data Virtualization 6.4.8 serves as a replacement for Red Hat JBoss Data Virtualization 6.4.7, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* thrift: Improper file path sanitization in t_go_generator.cc:format_go_output() of the go client library can allow an attacker to inject commands (CVE-2016-5397)
* tika-core: tika: Command injection in tika-server can allow remote attackers to execute arbitrary commands via crafted headers (CVE-2018-1335)
* slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088)
* jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis (CVE-2018-11307)
* libthrift: thrift: Improper Access Control grants access to files outside the webservers docroot path (CVE-2018-11798)
* jackson-databind: improper polymorphic deserialization of types from Jodd-db library (CVE-2018-12022)
* jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver (CVE-2018-12023)
* jackson-databind: arbitrary code execution in slf4j-ext class (CVE-2018-14718)
* jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes (CVE-2018-14719)
* jackson-databind: improper polymorphic deserialization in axis2-transport-jms class (CVE-2018-19360)
* jackson-databind: improper polymorphic deserialization in openjpa class (CVE-2018-19361)
* jackson-databind: improper polymorphic deserialization in jboss-common-core class (CVE-2018-19362)
* zookeeper: Information disclosure in Apache ZooKeeper (CVE-2019-0201)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update is now available for Red Hat JBoss Data Virtualization.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Data Virtualization is a lean data integration solution that provides easy, real-time, and unified data access across disparate sources to multiple applications and users. JBoss Data Virtualization makes data spread across physically distinct systems - such as multiple databases, XML files, and even Hadoop systems - appear as a set of tables in a local database.\n\nThis release of Red Hat JBoss Data Virtualization 6.4.8 serves as a replacement for Red Hat JBoss Data Virtualization 6.4.7, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* thrift: Improper file path sanitization in t_go_generator.cc:format_go_output() of the go client library can allow an attacker to inject commands (CVE-2016-5397)\n\n* tika-core: tika: Command injection in tika-server can allow remote attackers to execute arbitrary commands via crafted headers (CVE-2018-1335)\n\n* slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088)\n\n* jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis (CVE-2018-11307)\n\n* libthrift: thrift: Improper Access Control grants access to files outside the webservers docroot path (CVE-2018-11798)\n\n* jackson-databind: improper polymorphic deserialization of types from Jodd-db library (CVE-2018-12022)\n\n* jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver (CVE-2018-12023)\n\n* jackson-databind: arbitrary code execution in slf4j-ext class (CVE-2018-14718)\n\n* jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes (CVE-2018-14719)\n\n* jackson-databind: improper polymorphic deserialization in axis2-transport-jms class (CVE-2018-19360)\n\n* jackson-databind: improper polymorphic deserialization in openjpa class (CVE-2018-19361)\n\n* jackson-databind: improper polymorphic deserialization in jboss-common-core class (CVE-2018-19362)\n\n* zookeeper: Information disclosure in Apache ZooKeeper (CVE-2019-0201)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2019:3140", url: "https://access.redhat.com/errata/RHSA-2019:3140", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=data.services.platform&downloadType=securityPatches&version=6.4", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=data.services.platform&downloadType=securityPatches&version=6.4", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_data_virtualization/6.4/html/release_notes/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_data_virtualization/6.4/html/release_notes/", }, { category: "external", summary: "1544620", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1544620", }, { category: "external", summary: "1548909", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1548909", }, { category: "external", summary: "1572416", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1572416", }, { category: "external", summary: "1666415", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1666415", }, { category: "external", summary: "1666418", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1666418", }, { category: "external", summary: "1666482", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1666482", }, { category: "external", summary: "1666484", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1666484", }, { category: "external", summary: "1666489", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1666489", }, { category: "external", summary: "1667188", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1667188", }, { category: "external", summary: "1671096", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1671096", }, { category: "external", summary: "1671097", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1671097", }, { category: "external", summary: "1677341", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1677341", }, { category: "external", summary: "1715197", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1715197", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_3140.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Data Virtualization 6.4.8 security update", tracking: { current_release_date: "2025-01-19T19:46:15+00:00", generator: { date: "2025-01-19T19:46:15+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.6", }, }, id: "RHSA-2019:3140", initial_release_date: "2019-10-17T14:54:30+00:00", revision_history: [ { date: "2019-10-17T14:54:30+00:00", number: "1", summary: "Initial version", }, { date: "2019-10-17T14:54:30+00:00", number: "2", summary: "Last updated version", }, { date: "2025-01-19T19:46:15+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Data Virtualization 6.4.8", product: { name: "Red Hat JBoss Data Virtualization 6.4.8", product_id: "Red Hat JBoss Data Virtualization 6.4.8", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_data_virtualization:6.4", }, }, }, ], category: "product_family", name: "Red Hat JBoss Data Virtualization", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2016-5397", cwe: { id: "CWE-78", name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", }, discovery_date: "2018-02-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1544620", }, ], notes: [ { category: "description", text: "The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0.", title: "Vulnerability description", }, { category: "summary", text: "thrift: Improper file path sanitization in t_go_generator.cc:format_go_output() of the go client library can allow an attacker to inject commands", title: "Vulnerability summary", }, { category: "other", text: "libthrift is a library used by OpenDaylight which is shipped with Red Hat OpenStack. Whilst the version of the library used contains the vulnerable code it is not used by OpenDaylight and hence not exposed.\n\nJBoss fuse 6.3 ships libthrift via insight-activemq fabric-8 profile, however the vulnerable code is not used by fabric-8 so fuse 6.3 is not affected.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-5397", }, { category: "external", summary: "RHBZ#1544620", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1544620", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-5397", url: "https://www.cve.org/CVERecord?id=CVE-2016-5397", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-5397", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-5397", }, ], release_date: "2016-07-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-10-17T14:54:30+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Data Virtualization 6.4.8", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3140", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "thrift: Improper file path sanitization in t_go_generator.cc:format_go_output() of the go client library can allow an attacker to inject commands", }, { cve: "CVE-2018-1335", cwe: { id: "CWE-77", name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", }, discovery_date: "2018-04-27T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1572416", }, ], notes: [ { category: "description", text: "From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients. The mitigation is to upgrade to Tika 1.18.", title: "Vulnerability description", }, { category: "summary", text: "tika: Command injection in tika-server can allow remote attackers to execute arbitrary commands via crafted headers", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the versions of tika which is embedded in the nutch package as shipped with Red Hat Satellite 5. The tika server is not exposed, as such exploitation is difficult, Red Hat Product Security has rated this issue as having security impact of Low. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-1335", }, { category: "external", summary: "RHBZ#1572416", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1572416", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-1335", url: "https://www.cve.org/CVERecord?id=CVE-2018-1335", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-1335", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-1335", }, { category: "external", summary: "https://lists.apache.org/thread.html/b3ed4432380af767effd4c6f27665cc7b2686acccbefeb9f55851dca@%3Cdev.tika.apache.org%3E", url: "https://lists.apache.org/thread.html/b3ed4432380af767effd4c6f27665cc7b2686acccbefeb9f55851dca@%3Cdev.tika.apache.org%3E", }, ], release_date: "2018-04-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-10-17T14:54:30+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Data Virtualization 6.4.8", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3140", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tika: Command injection in tika-server can allow remote attackers to execute arbitrary commands via crafted headers", }, { acknowledgments: [ { names: [ "Chris McCown", ], }, ], cve: "CVE-2018-8088", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2018-02-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1548909", }, ], notes: [ { category: "description", text: "An XML deserialization vulnerability was discovered in slf4j's EventData, which accepts an XML serialized string and can lead to arbitrary code execution.", title: "Vulnerability description", }, { category: "summary", text: "slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution", title: "Vulnerability summary", }, { category: "other", text: "Subscription Asset Manager is now in a reduced support phase receiving only Critical impact security fixes. This issue has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates.\n\nThis issue did not affect the versions of Candlepin as shipped with Red Hat Satellite 6 as Candlepin uses slf4j-api and not the affected slf4j-ext (which is not on the Candlepin classpath).\n\nRed Hat Enterprise Virtualization Manager 4.1 is affected by this issue. Updated packages that address this issue are available through the Red Hat Enterprise Linux Server channels. Virtualization Manager hosts should be subscribed to these channels and obtain the updates via `yum update`.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-8088", }, { category: "external", summary: "RHBZ#1548909", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1548909", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-8088", url: "https://www.cve.org/CVERecord?id=CVE-2018-8088", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-8088", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-8088", }, ], release_date: "2018-02-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-10-17T14:54:30+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Data Virtualization 6.4.8", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3140", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution", }, { cve: "CVE-2018-11307", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2019-02-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1677341", }, ], notes: [ { category: "description", text: "A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using MyBatis classes when using DefaultTyping. An attacker could use this flaw to achieve content exfiltration and possibly conduct further attacks.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6 is not affected by this issue, since Candlepin's java runtime environment does not load MyBatis classes.\n\nRed Hat Virtualization 4 is not affected by this issue, since it does not include MyBatis classes.\n\nRed Hat Fuse 6 and 7 are not directly affected by this issue, as although they do ship the vulnerable jackson-databind component, they do not enable polymorphic deserialization or default typing which are required for exploitability. Their impacts have correspondingly been reduced to Moderate. Future updates may address this flaw.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-11307", }, { category: "external", summary: "RHBZ#1677341", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1677341", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-11307", url: "https://www.cve.org/CVERecord?id=CVE-2018-11307", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-11307", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-11307", }, ], release_date: "2018-05-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-10-17T14:54:30+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Data Virtualization 6.4.8", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3140", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.6, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis", }, { cve: "CVE-2018-11798", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2019-01-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1667188", }, ], notes: [ { category: "description", text: "A flaw was found in the Node.js static web server in Apache Thrift, where it allowed a remote user to access files outside of the set web servers' docroot path. An attacker could use this flaw to possibly access unauthorized files and sensitive information.", title: "Vulnerability description", }, { category: "summary", text: "thrift: Improper Access Control grants access to files outside the webservers docroot path", title: "Vulnerability summary", }, { category: "other", text: "OpenStack and OpenDaylight:\nThe Java implementation of thrift is used in OpenDaylight by parts of the vpnservice functionality. This flaw refers to the JavaScript (node.js) server for Thrift, which is not used or shipped with OpenDaylight or any other part of Red Hat OpenStack Platform.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-11798", }, { category: "external", summary: "RHBZ#1667188", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1667188", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-11798", url: "https://www.cve.org/CVERecord?id=CVE-2018-11798", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-11798", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-11798", }, ], release_date: "2018-10-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-10-17T14:54:30+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Data Virtualization 6.4.8", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3140", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "thrift: Improper Access Control grants access to files outside the webservers docroot path", }, { cve: "CVE-2018-12022", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2019-01-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1671097", }, ], notes: [ { category: "description", text: "A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using Jodd DB connection classes when using DefaultTyping. An attacker could use this flaw to achieve remote code execution under certain circumstances.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: improper polymorphic deserialization of types from Jodd-db library", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6 is not affected by this issue, since Candlepin's java runtime environment does not load Jodd classes.\n\nRed Hat Virtualization 4 is not affected by this issue, since it does not load Jodd classes.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-12022", }, { category: "external", summary: "RHBZ#1671097", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1671097", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-12022", url: "https://www.cve.org/CVERecord?id=CVE-2018-12022", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-12022", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-12022", }, ], release_date: "2018-05-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-10-17T14:54:30+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Data Virtualization 6.4.8", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3140", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jackson-databind: improper polymorphic deserialization of types from Jodd-db library", }, { cve: "CVE-2018-12023", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2019-01-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1671096", }, ], notes: [ { category: "description", text: "A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using Oracle JDBC classes when using DefaultTyping. An attacker could use this flaw to achieve remote code execution under certain circumstances.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6 is not affected by this issue, since Candlepin's java runtime environment does not load Oracle's JDBC classes.\n\nRed Hat Virtualization 4 is not affected by this issue, since it does not load Oracle's JDBC classes.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-12023", }, { category: "external", summary: "RHBZ#1671096", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1671096", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-12023", url: "https://www.cve.org/CVERecord?id=CVE-2018-12023", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-12023", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-12023", }, ], release_date: "2018-06-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-10-17T14:54:30+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Data Virtualization 6.4.8", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3140", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.6, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver", }, { cve: "CVE-2018-14718", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2019-01-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1666415", }, ], notes: [ { category: "description", text: "A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using slf4j classes. An attacker could use this flaw to execute arbitrary code.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: arbitrary code execution in slf4j-ext class", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability in jackson-databind involves exploiting CVE-2018-1088 against slf4j, which was fixed in Red Hat products through the errata referenced at https://access.redhat.com/security/cve/cve-2018-8088. Applications that link only slf4j versions including that fix are not vulnerable to this vulnerability.\n\nRed Hat Satellite 6 is not affected by this issue, since its candlepin component doesn't bundle slf4j-ext jar.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14718", }, { category: "external", summary: "RHBZ#1666415", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1666415", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14718", url: "https://www.cve.org/CVERecord?id=CVE-2018-14718", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14718", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14718", }, ], release_date: "2018-07-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-10-17T14:54:30+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Data Virtualization 6.4.8", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3140", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jackson-databind: arbitrary code execution in slf4j-ext class", }, { cve: "CVE-2018-14719", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2019-01-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1666418", }, ], notes: [ { category: "description", text: "A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using blaze classes. An attacker could use this flaw to execute arbitrary code.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes", title: "Vulnerability summary", }, { category: "other", text: "The following Red Hat products are not affected by this issue as they do not bundle or provide the requisite gadget jars to exploit this vulnerability:\nRed Hat Satellite 6\nRed Hat Enterprise Virtualization 4\nRed Hat Fuse 6, 7, and Fuse Integration Services 2\nRed Hat A-MQ 6", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14719", }, { category: "external", summary: "RHBZ#1666418", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1666418", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14719", url: "https://www.cve.org/CVERecord?id=CVE-2018-14719", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14719", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14719", }, ], release_date: "2018-07-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-10-17T14:54:30+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Data Virtualization 6.4.8", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3140", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes", }, { cve: "CVE-2018-19360", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2019-01-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1666482", }, ], notes: [ { category: "description", text: "A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using the axis2-transport-jms class. An attacker could use this flaw to execute arbitrary code.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: improper polymorphic deserialization in axis2-transport-jms class", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6 is not affected by this issue, since its candlepin component doesn't include axis2-transport-jms jar.\n\nRed Hat Virtualization 4 is not affected by this issue, since it does not include axis2-transport-jms jar.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-19360", }, { category: "external", summary: "RHBZ#1666482", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1666482", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-19360", url: "https://www.cve.org/CVERecord?id=CVE-2018-19360", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-19360", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-19360", }, ], release_date: "2018-11-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-10-17T14:54:30+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Data Virtualization 6.4.8", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3140", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jackson-databind: improper polymorphic deserialization in axis2-transport-jms class", }, { cve: "CVE-2018-19361", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2019-01-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1666484", }, ], notes: [ { category: "description", text: "A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using the OpenJPA class. An attacker could use this flaw to execute arbitrary code.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: improper polymorphic deserialization in openjpa class", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6 is not affected by this issue, since its candlepin component doesn't bundle openjpa jar.\n\nRed Hat Virtualization 4 is not affected by this issue, since its candlepin component doesn't bundle openjpa jar.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-19361", }, { category: "external", summary: "RHBZ#1666484", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1666484", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-19361", url: "https://www.cve.org/CVERecord?id=CVE-2018-19361", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-19361", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-19361", }, ], release_date: "2018-11-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-10-17T14:54:30+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Data Virtualization 6.4.8", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3140", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jackson-databind: improper polymorphic deserialization in openjpa class", }, { cve: "CVE-2018-19362", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2019-01-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1666489", }, ], notes: [ { category: "description", text: "A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using the jboss-common-core class. An attacker could use this flaw to execute arbitrary code.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: improper polymorphic deserialization in jboss-common-core class", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6 is not affected by this issue, since its candlepin component doesn't bundle jboss-common-core jar.\n\nRed Hat Virtualization 4 is not affected by this issue, since its candlepin component doesn't bundle jboss-common-core jar.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-19362", }, { category: "external", summary: "RHBZ#1666489", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1666489", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-19362", url: "https://www.cve.org/CVERecord?id=CVE-2018-19362", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-19362", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-19362", }, ], release_date: "2018-11-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-10-17T14:54:30+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Data Virtualization 6.4.8", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3140", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jackson-databind: improper polymorphic deserialization in jboss-common-core class", }, { cve: "CVE-2019-0201", cwe: { id: "CWE-732", name: "Incorrect Permission Assignment for Critical Resource", }, discovery_date: "2019-05-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1715197", }, ], notes: [ { category: "description", text: "A flaw was found in Apache ZooKeeper. A lack of permission checks while retrieving ACLs allows unsalted hash values to be disclosed for unauthenticated or unprivileged users.", title: "Vulnerability description", }, { category: "summary", text: "zookeeper: Information disclosure in Apache ZooKeeper", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-0201", }, { category: "external", summary: "RHBZ#1715197", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1715197", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-0201", url: "https://www.cve.org/CVERecord?id=CVE-2019-0201", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-0201", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-0201", }, ], release_date: "2019-05-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-10-17T14:54:30+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Data Virtualization 6.4.8", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3140", }, { category: "workaround", details: "Use an authentication method other than Digest (e.g. Kerberos) or upgrade to zookeeper 3.4.14 or later (3.5.5 or later if on the 3.5 branch). [https://zookeeper.apache.org/security.html#CVE-2019-0201]", product_ids: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "zookeeper: Information disclosure in Apache ZooKeeper", }, ], }
rhsa-2019_4352
Vulnerability from csaf_redhat
Published
2019-12-19 17:37
Modified
2024-11-22 13:27
Summary
Red Hat Security Advisory: Red Hat JBoss Fuse/A-MQ 6.3 R14 security and bug fix update
Notes
Topic
An update is now available for Red Hat JBoss Fuse 6.3 and Red Hat JBoss A-MQ 6.3.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Fuse provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat A-MQ is a standards compliant messaging system that is tailored for use in mission critical applications.
This patch is an update to Red Hat Fuse 6.3 and Red Hat A-MQ 6.3. It includes bug fixes, which are documented in the patch notes accompanying the package on the download page. See the download link given in the references section below.
Security fix(es):
* zookeeper: Information disclosure in Apache ZooKeeper (CVE-2019-0201)
* HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)
* HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)
* HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515)
* HTTP/2: flood using empty frames results in excessive resource consumption (CVE-2019-9518)
* xstream: remote code execution due to insecure XML deserialization (CVE-2019-10173)
* jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution (CVE-2019-12384)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update is now available for Red Hat JBoss Fuse 6.3 and Red Hat JBoss A-MQ 6.3.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat Fuse provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat A-MQ is a standards compliant messaging system that is tailored for use in mission critical applications.\n\nThis patch is an update to Red Hat Fuse 6.3 and Red Hat A-MQ 6.3. It includes bug fixes, which are documented in the patch notes accompanying the package on the download page. See the download link given in the references section below.\n\nSecurity fix(es):\n\n* zookeeper: Information disclosure in Apache ZooKeeper (CVE-2019-0201)\n\n* HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)\n\n* HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)\n\n* HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515) \n\n* HTTP/2: flood using empty frames results in excessive resource consumption (CVE-2019-9518)\n\n* xstream: remote code execution due to insecure XML deserialization (CVE-2019-10173)\n\n* jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution (CVE-2019-12384)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2019:4352", url: "https://access.redhat.com/errata/RHSA-2019:4352", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.amq.broker&downloadType=securityPatches&version=6.3.0", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.amq.broker&downloadType=securityPatches&version=6.3.0", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse&downloadType=securityPatches&version=6.3", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse&downloadType=securityPatches&version=6.3", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_fuse/6.3/html/release_notes/index", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_fuse/6.3/html/release_notes/index", }, { category: "external", summary: "1715197", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1715197", }, { category: "external", summary: "1722971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1722971", }, { category: "external", summary: "1725807", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1725807", }, { category: "external", summary: "1735645", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735645", }, { category: "external", summary: "1735744", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735744", }, { category: "external", summary: "1735745", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735745", }, { category: "external", summary: "1735749", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735749", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_4352.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Fuse/A-MQ 6.3 R14 security and bug fix update", tracking: { current_release_date: "2024-11-22T13:27:38+00:00", generator: { date: "2024-11-22T13:27:38+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2019:4352", initial_release_date: "2019-12-19T17:37:50+00:00", revision_history: [ { date: "2019-12-19T17:37:50+00:00", number: "1", summary: "Initial version", }, { date: "2019-12-19T17:37:50+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T13:27:38+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Fuse 6.3", product: { name: "Red Hat Fuse 6.3", product_id: "Red Hat Fuse 6.3", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_fuse:6.3", }, }, }, ], category: "product_family", name: "Red Hat JBoss Fuse", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2019-0201", cwe: { id: "CWE-732", name: "Incorrect Permission Assignment for Critical Resource", }, discovery_date: "2019-05-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1715197", }, ], notes: [ { category: "description", text: "A flaw was found in Apache ZooKeeper. A lack of permission checks while retrieving ACLs allows unsalted hash values to be disclosed for unauthenticated or unprivileged users.", title: "Vulnerability description", }, { category: "summary", text: "zookeeper: Information disclosure in Apache ZooKeeper", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-0201", }, { category: "external", summary: "RHBZ#1715197", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1715197", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-0201", url: "https://www.cve.org/CVERecord?id=CVE-2019-0201", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-0201", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-0201", }, ], release_date: "2019-05-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-12-19T17:37:50+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are located in the download section of the customer portal.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat Fuse 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:4352", }, { category: "workaround", details: "Use an authentication method other than Digest (e.g. Kerberos) or upgrade to zookeeper 3.4.14 or later (3.5.5 or later if on the 3.5 branch). [https://zookeeper.apache.org/security.html#CVE-2019-0201]", product_ids: [ "Red Hat Fuse 6.3", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "Red Hat Fuse 6.3", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "zookeeper: Information disclosure in Apache ZooKeeper", }, { acknowledgments: [ { names: [ "the Envoy security team", ], }, ], cve: "CVE-2019-9512", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2019-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1735645", }, ], notes: [ { category: "description", text: "A flaw was found in HTTP/2. Using PING frames and queuing of response PING ACK frames, a flood attack could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability.", title: "Vulnerability description", }, { category: "summary", text: "HTTP/2: flood using PING frames results in unbounded memory growth", title: "Vulnerability summary", }, { category: "other", text: "The golang package in Red Hat OpenStack Platform 9 Operational Tools will not be updated for this flaw because it is in technical preview and is retiring as of 24.Aug.2019.\nThis issue did not affect the versions of grafana(embeds golang) as shipped with Red Hat Ceph Storage 2 and Red Hat Gluster Storage 3 as they did not include the support for HTTP/2.\nThe following storage product versions are affected because they include the support for HTTP/2 in:\n* golang as shipped with Red Hat Gluster Storage 3, Red Hat Ceph Storage 2 and Red Hat Ceph Storage 3\n* heketi(embeds golang) as shipped with Red Hat Gluster Storage 3\n* grafana(embeds golang and grpc) as shipped with Red Hat Ceph Storage 3\nThis flaw has no available mitigation for packages golang and nodejs. Both packages will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.\n\nAll OpenShift Container Platform RPMs and container images that are built with Go and support HTTP/2 are vulnerable to this flaw.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-9512", }, { category: "external", summary: "RHBZ#1735645", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735645", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-9512", url: "https://www.cve.org/CVERecord?id=CVE-2019-9512", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-9512", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-9512", }, { category: "external", summary: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", url: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", }, { category: "external", summary: "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg", url: "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg", }, { category: "external", summary: "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA", url: "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA", }, { category: "external", summary: "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", url: "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", }, { category: "external", summary: "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html", url: "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html", }, ], release_date: "2019-08-13T17:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-12-19T17:37:50+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are located in the download section of the customer portal.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat Fuse 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:4352", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "Red Hat Fuse 6.3", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "HTTP/2: flood using PING frames results in unbounded memory growth", }, { acknowledgments: [ { names: [ "the Envoy security team", ], }, ], cve: "CVE-2019-9514", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2019-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1735744", }, ], notes: [ { category: "description", text: "A flaw was found in HTTP/2. Using HEADER frames with invalid HTTP headers and queuing of response RST_STREAM frames, an attacker could cause a flood resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability.", title: "Vulnerability description", }, { category: "summary", text: "HTTP/2: flood using HEADERS frames results in unbounded memory growth", title: "Vulnerability summary", }, { category: "other", text: "The golang package in Red Hat OpenStack Platform 9 Operational Tools will not be updated for this flaw because it is in technical preview and is retiring as of 24.Aug.2019.\nThis issue did not affect the versions of grafana(embeds golang) as shipped with Red Hat Ceph Storage 2 and Red Hat Gluster Storage 3 as they did not include the support for HTTP/2.\nThe following storage product versions are affected because they include the support for HTTP/2 in:\n* golang as shipped with Red Hat Gluster Storage 3, Red Hat Ceph Storage 2 and Red Hat Ceph Storage 3\n* heketi(embeds golang) as shipped with Red Hat Gluster Storage 3\n* grafana(embeds golang and grpc) as shipped with Red Hat Ceph Storage 3\nThis flaw has no available mitigation for packages golang and nodejs. Both packages will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.\n\nAll OpenShift Container Platform RPMs and container images that are built with Go and support HTTP/2 are vulnerable to this flaw.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-9514", }, { category: "external", summary: "RHBZ#1735744", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735744", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-9514", url: "https://www.cve.org/CVERecord?id=CVE-2019-9514", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-9514", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-9514", }, { category: "external", summary: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", url: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", }, { category: "external", summary: "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg", url: "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg", }, { category: "external", summary: "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA", url: "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA", }, { category: "external", summary: "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", url: "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", }, { category: "external", summary: "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html", url: "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html", }, ], release_date: "2019-08-13T17:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-12-19T17:37:50+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are located in the download section of the customer portal.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat Fuse 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:4352", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "Red Hat Fuse 6.3", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "HTTP/2: flood using HEADERS frames results in unbounded memory growth", }, { acknowledgments: [ { names: [ "the Envoy security team", ], }, ], cve: "CVE-2019-9515", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2019-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1735745", }, ], notes: [ { category: "description", text: "A flaw was found in HTTP/2. Using SETTINGS frames and queuing of SETTINGS ACK frames, a flood could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability.", title: "Vulnerability description", }, { category: "summary", text: "HTTP/2: flood using SETTINGS frames results in unbounded memory growth", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the version of grafana(embeds gRPC) as shipped with Red Hat Ceph Storage 3 as it include the support for HTTP/2.\nThis flaw has no available mitigation for nodejs package. It will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-9515", }, { category: "external", summary: "RHBZ#1735745", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735745", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-9515", url: "https://www.cve.org/CVERecord?id=CVE-2019-9515", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-9515", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-9515", }, { category: "external", summary: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", url: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", }, { category: "external", summary: "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", url: "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", }, { category: "external", summary: "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html", url: "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html", }, ], release_date: "2019-08-13T17:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-12-19T17:37:50+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are located in the download section of the customer portal.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat Fuse 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:4352", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "Red Hat Fuse 6.3", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "HTTP/2: flood using SETTINGS frames results in unbounded memory growth", }, { acknowledgments: [ { names: [ "the Envoy security team", ], }, ], cve: "CVE-2019-9518", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2019-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1735749", }, ], notes: [ { category: "description", text: "A flaw was found in HTTP/2. Using frames with an empty payload, a flood could occur that results in excessive CPU usage and starvation of other clients. The highest threat from this vulnerability is to system availability.", title: "Vulnerability description", }, { category: "summary", text: "HTTP/2: flood using empty frames results in excessive resource consumption", title: "Vulnerability summary", }, { category: "other", text: "This flaw has no available mitigation for nodejs package. It will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-9518", }, { category: "external", summary: "RHBZ#1735749", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735749", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-9518", url: "https://www.cve.org/CVERecord?id=CVE-2019-9518", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-9518", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-9518", }, { category: "external", summary: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", url: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", }, { category: "external", summary: "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", url: "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", }, ], release_date: "2019-08-13T17:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-12-19T17:37:50+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are located in the download section of the customer portal.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat Fuse 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:4352", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "Red Hat Fuse 6.3", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "HTTP/2: flood using empty frames results in excessive resource consumption", }, { cve: "CVE-2019-10173", cwe: { id: "CWE-94", name: "Improper Control of Generation of Code ('Code Injection')", }, discovery_date: "2019-06-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1722971", }, ], notes: [ { category: "description", text: "It was found that xstream API version 1.4.10 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshalling XML or any supported format. This a regression of CVE-2013-7285 fixed in 1.4.7 (fixed) as of BPMS 6.0.1, the regression was introduced with xstream-1.4.10 implemented in RHPAM.", title: "Vulnerability description", }, { category: "summary", text: "xstream: remote code execution due to insecure XML deserialization (regression of CVE-2013-7285)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-10173", }, { category: "external", summary: "RHBZ#1722971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1722971", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-10173", url: "https://www.cve.org/CVERecord?id=CVE-2019-10173", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-10173", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-10173", }, { category: "external", summary: "http://x-stream.github.io/changes.html#1.4.11", url: "http://x-stream.github.io/changes.html#1.4.11", }, ], release_date: "2018-10-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-12-19T17:37:50+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are located in the download section of the customer portal.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat Fuse 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:4352", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "Red Hat Fuse 6.3", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "xstream: remote code execution due to insecure XML deserialization (regression of CVE-2013-7285)", }, { cve: "CVE-2019-12384", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2019-06-25T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1725807", }, ], notes: [ { category: "description", text: "A flaw was discovered in FasterXML jackson-databind in versions prior to 2.9.9. The vulnerability would permit polymorphic deserialization of malicious objects using the logback-core gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. Depending on the classpath content, remote code execution may be possible.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution", title: "Vulnerability summary", }, { category: "other", text: "Red Hat OpenStack's OpenDaylight does not use logback in any supported configuration. Therefore, the prerequisites for this vulnerability are not present and OpenDaylight is not affected.\n\nThis vulnerability relies on logback-core (ch.qos.logback.core) being present in the application's ClassPath. Logback-core is not packaged as an RPM for Red Hat Enterprise Linux or Red Hat Software Collections. Applications using jackson-databind that do not also use logback-core are not impacted by this vulnerability.\n\nThis issue affects the versions of jackson-databind bundled with candlepin as shipped with Red Hat Satellite 6.x. However the affected code is NOT used at this time.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-12384", }, { category: "external", summary: "RHBZ#1725807", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1725807", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-12384", url: "https://www.cve.org/CVERecord?id=CVE-2019-12384", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-12384", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-12384", }, ], release_date: "2019-06-21T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-12-19T17:37:50+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are located in the download section of the customer portal.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat Fuse 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:4352", }, { category: "workaround", details: "The following conditions are needed for an exploit, we recommend avoiding all if possible:\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`", product_ids: [ "Red Hat Fuse 6.3", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "Red Hat Fuse 6.3", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution", }, ], }
rhsa-2019:4352
Vulnerability from csaf_redhat
Published
2019-12-19 17:37
Modified
2025-03-15 19:45
Summary
Red Hat Security Advisory: Red Hat JBoss Fuse/A-MQ 6.3 R14 security and bug fix update
Notes
Topic
An update is now available for Red Hat JBoss Fuse 6.3 and Red Hat JBoss A-MQ 6.3.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Fuse provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat A-MQ is a standards compliant messaging system that is tailored for use in mission critical applications.
This patch is an update to Red Hat Fuse 6.3 and Red Hat A-MQ 6.3. It includes bug fixes, which are documented in the patch notes accompanying the package on the download page. See the download link given in the references section below.
Security fix(es):
* zookeeper: Information disclosure in Apache ZooKeeper (CVE-2019-0201)
* HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)
* HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)
* HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515)
* HTTP/2: flood using empty frames results in excessive resource consumption (CVE-2019-9518)
* xstream: remote code execution due to insecure XML deserialization (CVE-2019-10173)
* jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution (CVE-2019-12384)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update is now available for Red Hat JBoss Fuse 6.3 and Red Hat JBoss A-MQ 6.3.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat Fuse provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat A-MQ is a standards compliant messaging system that is tailored for use in mission critical applications.\n\nThis patch is an update to Red Hat Fuse 6.3 and Red Hat A-MQ 6.3. It includes bug fixes, which are documented in the patch notes accompanying the package on the download page. See the download link given in the references section below.\n\nSecurity fix(es):\n\n* zookeeper: Information disclosure in Apache ZooKeeper (CVE-2019-0201)\n\n* HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)\n\n* HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)\n\n* HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515) \n\n* HTTP/2: flood using empty frames results in excessive resource consumption (CVE-2019-9518)\n\n* xstream: remote code execution due to insecure XML deserialization (CVE-2019-10173)\n\n* jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution (CVE-2019-12384)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2019:4352", url: "https://access.redhat.com/errata/RHSA-2019:4352", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.amq.broker&downloadType=securityPatches&version=6.3.0", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.amq.broker&downloadType=securityPatches&version=6.3.0", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse&downloadType=securityPatches&version=6.3", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse&downloadType=securityPatches&version=6.3", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_fuse/6.3/html/release_notes/index", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_fuse/6.3/html/release_notes/index", }, { category: "external", summary: "1715197", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1715197", }, { category: "external", summary: "1722971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1722971", }, { category: "external", summary: "1725807", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1725807", }, { category: "external", summary: "1735645", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735645", }, { category: "external", summary: "1735744", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735744", }, { category: "external", summary: "1735745", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735745", }, { category: "external", summary: "1735749", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735749", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_4352.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Fuse/A-MQ 6.3 R14 security and bug fix update", tracking: { current_release_date: "2025-03-15T19:45:06+00:00", generator: { date: "2025-03-15T19:45:06+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2019:4352", initial_release_date: "2019-12-19T17:37:50+00:00", revision_history: [ { date: "2019-12-19T17:37:50+00:00", number: "1", summary: "Initial version", }, { date: "2019-12-19T17:37:50+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-15T19:45:06+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Fuse 6.3", product: { name: "Red Hat Fuse 6.3", product_id: "Red Hat Fuse 6.3", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_fuse:6.3", }, }, }, ], category: "product_family", name: "Red Hat JBoss Fuse", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2019-0201", cwe: { id: "CWE-732", name: "Incorrect Permission Assignment for Critical Resource", }, discovery_date: "2019-05-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1715197", }, ], notes: [ { category: "description", text: "A flaw was found in Apache ZooKeeper. A lack of permission checks while retrieving ACLs allows unsalted hash values to be disclosed for unauthenticated or unprivileged users.", title: "Vulnerability description", }, { category: "summary", text: "zookeeper: Information disclosure in Apache ZooKeeper", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-0201", }, { category: "external", summary: "RHBZ#1715197", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1715197", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-0201", url: "https://www.cve.org/CVERecord?id=CVE-2019-0201", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-0201", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-0201", }, ], release_date: "2019-05-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-12-19T17:37:50+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are located in the download section of the customer portal.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat Fuse 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:4352", }, { category: "workaround", details: "Use an authentication method other than Digest (e.g. Kerberos) or upgrade to zookeeper 3.4.14 or later (3.5.5 or later if on the 3.5 branch). [https://zookeeper.apache.org/security.html#CVE-2019-0201]", product_ids: [ "Red Hat Fuse 6.3", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "Red Hat Fuse 6.3", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "zookeeper: Information disclosure in Apache ZooKeeper", }, { acknowledgments: [ { names: [ "the Envoy security team", ], }, ], cve: "CVE-2019-9512", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2019-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1735645", }, ], notes: [ { category: "description", text: "A flaw was found in HTTP/2. Using PING frames and queuing of response PING ACK frames, a flood attack could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability.", title: "Vulnerability description", }, { category: "summary", text: "HTTP/2: flood using PING frames results in unbounded memory growth", title: "Vulnerability summary", }, { category: "other", text: "The golang package in Red Hat OpenStack Platform 9 Operational Tools will not be updated for this flaw because it is in technical preview and is retiring as of 24.Aug.2019.\nThis issue did not affect the versions of grafana(embeds golang) as shipped with Red Hat Ceph Storage 2 and Red Hat Gluster Storage 3 as they did not include the support for HTTP/2.\nThe following storage product versions are affected because they include the support for HTTP/2 in:\n* golang as shipped with Red Hat Gluster Storage 3, Red Hat Ceph Storage 2 and Red Hat Ceph Storage 3\n* heketi(embeds golang) as shipped with Red Hat Gluster Storage 3\n* grafana(embeds golang and grpc) as shipped with Red Hat Ceph Storage 3\nThis flaw has no available mitigation for packages golang and nodejs. Both packages will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.\n\nAll OpenShift Container Platform RPMs and container images that are built with Go and support HTTP/2 are vulnerable to this flaw.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-9512", }, { category: "external", summary: "RHBZ#1735645", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735645", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-9512", url: "https://www.cve.org/CVERecord?id=CVE-2019-9512", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-9512", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-9512", }, { category: "external", summary: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", url: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", }, { category: "external", summary: "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg", url: "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg", }, { category: "external", summary: "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA", url: "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA", }, { category: "external", summary: "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", url: "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", }, { category: "external", summary: "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html", url: "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html", }, ], release_date: "2019-08-13T17:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-12-19T17:37:50+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are located in the download section of the customer portal.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat Fuse 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:4352", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "Red Hat Fuse 6.3", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "HTTP/2: flood using PING frames results in unbounded memory growth", }, { acknowledgments: [ { names: [ "the Envoy security team", ], }, ], cve: "CVE-2019-9514", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2019-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1735744", }, ], notes: [ { category: "description", text: "A flaw was found in HTTP/2. Using HEADER frames with invalid HTTP headers and queuing of response RST_STREAM frames, an attacker could cause a flood resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability.", title: "Vulnerability description", }, { category: "summary", text: "HTTP/2: flood using HEADERS frames results in unbounded memory growth", title: "Vulnerability summary", }, { category: "other", text: "The golang package in Red Hat OpenStack Platform 9 Operational Tools will not be updated for this flaw because it is in technical preview and is retiring as of 24.Aug.2019.\nThis issue did not affect the versions of grafana(embeds golang) as shipped with Red Hat Ceph Storage 2 and Red Hat Gluster Storage 3 as they did not include the support for HTTP/2.\nThe following storage product versions are affected because they include the support for HTTP/2 in:\n* golang as shipped with Red Hat Gluster Storage 3, Red Hat Ceph Storage 2 and Red Hat Ceph Storage 3\n* heketi(embeds golang) as shipped with Red Hat Gluster Storage 3\n* grafana(embeds golang and grpc) as shipped with Red Hat Ceph Storage 3\nThis flaw has no available mitigation for packages golang and nodejs. Both packages will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.\n\nAll OpenShift Container Platform RPMs and container images that are built with Go and support HTTP/2 are vulnerable to this flaw.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-9514", }, { category: "external", summary: "RHBZ#1735744", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735744", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-9514", url: "https://www.cve.org/CVERecord?id=CVE-2019-9514", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-9514", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-9514", }, { category: "external", summary: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", url: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", }, { category: "external", summary: "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg", url: "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg", }, { category: "external", summary: "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA", url: "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA", }, { category: "external", summary: "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", url: "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", }, { category: "external", summary: "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html", url: "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html", }, ], release_date: "2019-08-13T17:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-12-19T17:37:50+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are located in the download section of the customer portal.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat Fuse 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:4352", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "Red Hat Fuse 6.3", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "HTTP/2: flood using HEADERS frames results in unbounded memory growth", }, { acknowledgments: [ { names: [ "the Envoy security team", ], }, ], cve: "CVE-2019-9515", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2019-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1735745", }, ], notes: [ { category: "description", text: "A flaw was found in HTTP/2. Using SETTINGS frames and queuing of SETTINGS ACK frames, a flood could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability.", title: "Vulnerability description", }, { category: "summary", text: "HTTP/2: flood using SETTINGS frames results in unbounded memory growth", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the version of grafana(embeds gRPC) as shipped with Red Hat Ceph Storage 3 as it include the support for HTTP/2.\nThis flaw has no available mitigation for nodejs package. It will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-9515", }, { category: "external", summary: "RHBZ#1735745", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735745", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-9515", url: "https://www.cve.org/CVERecord?id=CVE-2019-9515", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-9515", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-9515", }, { category: "external", summary: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", url: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", }, { category: "external", summary: "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", url: "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", }, { category: "external", summary: "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html", url: "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html", }, ], release_date: "2019-08-13T17:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-12-19T17:37:50+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are located in the download section of the customer portal.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat Fuse 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:4352", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "Red Hat Fuse 6.3", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "HTTP/2: flood using SETTINGS frames results in unbounded memory growth", }, { acknowledgments: [ { names: [ "the Envoy security team", ], }, ], cve: "CVE-2019-9518", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2019-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1735749", }, ], notes: [ { category: "description", text: "A flaw was found in HTTP/2. Using frames with an empty payload, a flood could occur that results in excessive CPU usage and starvation of other clients. The highest threat from this vulnerability is to system availability.", title: "Vulnerability description", }, { category: "summary", text: "HTTP/2: flood using empty frames results in excessive resource consumption", title: "Vulnerability summary", }, { category: "other", text: "This flaw has no available mitigation for nodejs package. It will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-9518", }, { category: "external", summary: "RHBZ#1735749", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735749", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-9518", url: "https://www.cve.org/CVERecord?id=CVE-2019-9518", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-9518", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-9518", }, { category: "external", summary: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", url: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", }, { category: "external", summary: "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", url: "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", }, ], release_date: "2019-08-13T17:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-12-19T17:37:50+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are located in the download section of the customer portal.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat Fuse 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:4352", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "Red Hat Fuse 6.3", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "HTTP/2: flood using empty frames results in excessive resource consumption", }, { cve: "CVE-2019-10173", cwe: { id: "CWE-94", name: "Improper Control of Generation of Code ('Code Injection')", }, discovery_date: "2019-06-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1722971", }, ], notes: [ { category: "description", text: "It was found that xstream API version 1.4.10 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshalling XML or any supported format. This a regression of CVE-2013-7285 fixed in 1.4.7 (fixed) as of BPMS 6.0.1, the regression was introduced with xstream-1.4.10 implemented in RHPAM.", title: "Vulnerability description", }, { category: "summary", text: "xstream: remote code execution due to insecure XML deserialization (regression of CVE-2013-7285)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-10173", }, { category: "external", summary: "RHBZ#1722971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1722971", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-10173", url: "https://www.cve.org/CVERecord?id=CVE-2019-10173", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-10173", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-10173", }, { category: "external", summary: "http://x-stream.github.io/changes.html#1.4.11", url: "http://x-stream.github.io/changes.html#1.4.11", }, ], release_date: "2018-10-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-12-19T17:37:50+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are located in the download section of the customer portal.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat Fuse 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:4352", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "Red Hat Fuse 6.3", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "xstream: remote code execution due to insecure XML deserialization (regression of CVE-2013-7285)", }, { cve: "CVE-2019-12384", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2019-06-25T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1725807", }, ], notes: [ { category: "description", text: "A flaw was discovered in FasterXML jackson-databind in versions prior to 2.9.9. The vulnerability would permit polymorphic deserialization of malicious objects using the logback-core gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. Depending on the classpath content, remote code execution may be possible.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution", title: "Vulnerability summary", }, { category: "other", text: "Red Hat OpenStack's OpenDaylight does not use logback in any supported configuration. Therefore, the prerequisites for this vulnerability are not present and OpenDaylight is not affected.\n\nThis vulnerability relies on logback-core (ch.qos.logback.core) being present in the application's ClassPath. Logback-core is not packaged as an RPM for Red Hat Enterprise Linux or Red Hat Software Collections. Applications using jackson-databind that do not also use logback-core are not impacted by this vulnerability.\n\nThis issue affects the versions of jackson-databind bundled with candlepin as shipped with Red Hat Satellite 6.x. However the affected code is NOT used at this time.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-12384", }, { category: "external", summary: "RHBZ#1725807", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1725807", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-12384", url: "https://www.cve.org/CVERecord?id=CVE-2019-12384", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-12384", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-12384", }, ], release_date: "2019-06-21T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-12-19T17:37:50+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are located in the download section of the customer portal.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat Fuse 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:4352", }, { category: "workaround", details: "The following conditions are needed for an exploit, we recommend avoiding all if possible:\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`", product_ids: [ "Red Hat Fuse 6.3", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "Red Hat Fuse 6.3", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution", }, ], }
RHSA-2019:3140
Vulnerability from csaf_redhat
Published
2019-10-17 14:54
Modified
2025-01-19 19:46
Summary
Red Hat Security Advisory: Red Hat JBoss Data Virtualization 6.4.8 security update
Notes
Topic
An update is now available for Red Hat JBoss Data Virtualization.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Data Virtualization is a lean data integration solution that provides easy, real-time, and unified data access across disparate sources to multiple applications and users. JBoss Data Virtualization makes data spread across physically distinct systems - such as multiple databases, XML files, and even Hadoop systems - appear as a set of tables in a local database.
This release of Red Hat JBoss Data Virtualization 6.4.8 serves as a replacement for Red Hat JBoss Data Virtualization 6.4.7, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* thrift: Improper file path sanitization in t_go_generator.cc:format_go_output() of the go client library can allow an attacker to inject commands (CVE-2016-5397)
* tika-core: tika: Command injection in tika-server can allow remote attackers to execute arbitrary commands via crafted headers (CVE-2018-1335)
* slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088)
* jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis (CVE-2018-11307)
* libthrift: thrift: Improper Access Control grants access to files outside the webservers docroot path (CVE-2018-11798)
* jackson-databind: improper polymorphic deserialization of types from Jodd-db library (CVE-2018-12022)
* jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver (CVE-2018-12023)
* jackson-databind: arbitrary code execution in slf4j-ext class (CVE-2018-14718)
* jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes (CVE-2018-14719)
* jackson-databind: improper polymorphic deserialization in axis2-transport-jms class (CVE-2018-19360)
* jackson-databind: improper polymorphic deserialization in openjpa class (CVE-2018-19361)
* jackson-databind: improper polymorphic deserialization in jboss-common-core class (CVE-2018-19362)
* zookeeper: Information disclosure in Apache ZooKeeper (CVE-2019-0201)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update is now available for Red Hat JBoss Data Virtualization.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Data Virtualization is a lean data integration solution that provides easy, real-time, and unified data access across disparate sources to multiple applications and users. JBoss Data Virtualization makes data spread across physically distinct systems - such as multiple databases, XML files, and even Hadoop systems - appear as a set of tables in a local database.\n\nThis release of Red Hat JBoss Data Virtualization 6.4.8 serves as a replacement for Red Hat JBoss Data Virtualization 6.4.7, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* thrift: Improper file path sanitization in t_go_generator.cc:format_go_output() of the go client library can allow an attacker to inject commands (CVE-2016-5397)\n\n* tika-core: tika: Command injection in tika-server can allow remote attackers to execute arbitrary commands via crafted headers (CVE-2018-1335)\n\n* slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088)\n\n* jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis (CVE-2018-11307)\n\n* libthrift: thrift: Improper Access Control grants access to files outside the webservers docroot path (CVE-2018-11798)\n\n* jackson-databind: improper polymorphic deserialization of types from Jodd-db library (CVE-2018-12022)\n\n* jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver (CVE-2018-12023)\n\n* jackson-databind: arbitrary code execution in slf4j-ext class (CVE-2018-14718)\n\n* jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes (CVE-2018-14719)\n\n* jackson-databind: improper polymorphic deserialization in axis2-transport-jms class (CVE-2018-19360)\n\n* jackson-databind: improper polymorphic deserialization in openjpa class (CVE-2018-19361)\n\n* jackson-databind: improper polymorphic deserialization in jboss-common-core class (CVE-2018-19362)\n\n* zookeeper: Information disclosure in Apache ZooKeeper (CVE-2019-0201)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2019:3140", url: "https://access.redhat.com/errata/RHSA-2019:3140", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=data.services.platform&downloadType=securityPatches&version=6.4", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=data.services.platform&downloadType=securityPatches&version=6.4", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_data_virtualization/6.4/html/release_notes/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_data_virtualization/6.4/html/release_notes/", }, { category: "external", summary: "1544620", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1544620", }, { category: "external", summary: "1548909", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1548909", }, { category: "external", summary: "1572416", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1572416", }, { category: "external", summary: "1666415", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1666415", }, { category: "external", summary: "1666418", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1666418", }, { category: "external", summary: "1666482", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1666482", }, { category: "external", summary: "1666484", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1666484", }, { category: "external", summary: "1666489", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1666489", }, { category: "external", summary: "1667188", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1667188", }, { category: "external", summary: "1671096", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1671096", }, { category: "external", summary: "1671097", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1671097", }, { category: "external", summary: "1677341", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1677341", }, { category: "external", summary: "1715197", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1715197", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_3140.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Data Virtualization 6.4.8 security update", tracking: { current_release_date: "2025-01-19T19:46:15+00:00", generator: { date: "2025-01-19T19:46:15+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.6", }, }, id: "RHSA-2019:3140", initial_release_date: "2019-10-17T14:54:30+00:00", revision_history: [ { date: "2019-10-17T14:54:30+00:00", number: "1", summary: "Initial version", }, { date: "2019-10-17T14:54:30+00:00", number: "2", summary: "Last updated version", }, { date: "2025-01-19T19:46:15+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Data Virtualization 6.4.8", product: { name: "Red Hat JBoss Data Virtualization 6.4.8", product_id: "Red Hat JBoss Data Virtualization 6.4.8", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_data_virtualization:6.4", }, }, }, ], category: "product_family", name: "Red Hat JBoss Data Virtualization", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2016-5397", cwe: { id: "CWE-78", name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", }, discovery_date: "2018-02-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1544620", }, ], notes: [ { category: "description", text: "The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0.", title: "Vulnerability description", }, { category: "summary", text: "thrift: Improper file path sanitization in t_go_generator.cc:format_go_output() of the go client library can allow an attacker to inject commands", title: "Vulnerability summary", }, { category: "other", text: "libthrift is a library used by OpenDaylight which is shipped with Red Hat OpenStack. Whilst the version of the library used contains the vulnerable code it is not used by OpenDaylight and hence not exposed.\n\nJBoss fuse 6.3 ships libthrift via insight-activemq fabric-8 profile, however the vulnerable code is not used by fabric-8 so fuse 6.3 is not affected.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-5397", }, { category: "external", summary: "RHBZ#1544620", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1544620", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-5397", url: "https://www.cve.org/CVERecord?id=CVE-2016-5397", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-5397", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-5397", }, ], release_date: "2016-07-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-10-17T14:54:30+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Data Virtualization 6.4.8", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3140", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "thrift: Improper file path sanitization in t_go_generator.cc:format_go_output() of the go client library can allow an attacker to inject commands", }, { cve: "CVE-2018-1335", cwe: { id: "CWE-77", name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", }, discovery_date: "2018-04-27T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1572416", }, ], notes: [ { category: "description", text: "From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients. The mitigation is to upgrade to Tika 1.18.", title: "Vulnerability description", }, { category: "summary", text: "tika: Command injection in tika-server can allow remote attackers to execute arbitrary commands via crafted headers", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the versions of tika which is embedded in the nutch package as shipped with Red Hat Satellite 5. The tika server is not exposed, as such exploitation is difficult, Red Hat Product Security has rated this issue as having security impact of Low. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-1335", }, { category: "external", summary: "RHBZ#1572416", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1572416", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-1335", url: "https://www.cve.org/CVERecord?id=CVE-2018-1335", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-1335", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-1335", }, { category: "external", summary: "https://lists.apache.org/thread.html/b3ed4432380af767effd4c6f27665cc7b2686acccbefeb9f55851dca@%3Cdev.tika.apache.org%3E", url: "https://lists.apache.org/thread.html/b3ed4432380af767effd4c6f27665cc7b2686acccbefeb9f55851dca@%3Cdev.tika.apache.org%3E", }, ], release_date: "2018-04-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-10-17T14:54:30+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Data Virtualization 6.4.8", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3140", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tika: Command injection in tika-server can allow remote attackers to execute arbitrary commands via crafted headers", }, { acknowledgments: [ { names: [ "Chris McCown", ], }, ], cve: "CVE-2018-8088", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2018-02-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1548909", }, ], notes: [ { category: "description", text: "An XML deserialization vulnerability was discovered in slf4j's EventData, which accepts an XML serialized string and can lead to arbitrary code execution.", title: "Vulnerability description", }, { category: "summary", text: "slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution", title: "Vulnerability summary", }, { category: "other", text: "Subscription Asset Manager is now in a reduced support phase receiving only Critical impact security fixes. This issue has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates.\n\nThis issue did not affect the versions of Candlepin as shipped with Red Hat Satellite 6 as Candlepin uses slf4j-api and not the affected slf4j-ext (which is not on the Candlepin classpath).\n\nRed Hat Enterprise Virtualization Manager 4.1 is affected by this issue. Updated packages that address this issue are available through the Red Hat Enterprise Linux Server channels. Virtualization Manager hosts should be subscribed to these channels and obtain the updates via `yum update`.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-8088", }, { category: "external", summary: "RHBZ#1548909", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1548909", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-8088", url: "https://www.cve.org/CVERecord?id=CVE-2018-8088", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-8088", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-8088", }, ], release_date: "2018-02-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-10-17T14:54:30+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Data Virtualization 6.4.8", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3140", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution", }, { cve: "CVE-2018-11307", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2019-02-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1677341", }, ], notes: [ { category: "description", text: "A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using MyBatis classes when using DefaultTyping. An attacker could use this flaw to achieve content exfiltration and possibly conduct further attacks.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6 is not affected by this issue, since Candlepin's java runtime environment does not load MyBatis classes.\n\nRed Hat Virtualization 4 is not affected by this issue, since it does not include MyBatis classes.\n\nRed Hat Fuse 6 and 7 are not directly affected by this issue, as although they do ship the vulnerable jackson-databind component, they do not enable polymorphic deserialization or default typing which are required for exploitability. Their impacts have correspondingly been reduced to Moderate. Future updates may address this flaw.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-11307", }, { category: "external", summary: "RHBZ#1677341", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1677341", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-11307", url: "https://www.cve.org/CVERecord?id=CVE-2018-11307", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-11307", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-11307", }, ], release_date: "2018-05-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-10-17T14:54:30+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Data Virtualization 6.4.8", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3140", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.6, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis", }, { cve: "CVE-2018-11798", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2019-01-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1667188", }, ], notes: [ { category: "description", text: "A flaw was found in the Node.js static web server in Apache Thrift, where it allowed a remote user to access files outside of the set web servers' docroot path. An attacker could use this flaw to possibly access unauthorized files and sensitive information.", title: "Vulnerability description", }, { category: "summary", text: "thrift: Improper Access Control grants access to files outside the webservers docroot path", title: "Vulnerability summary", }, { category: "other", text: "OpenStack and OpenDaylight:\nThe Java implementation of thrift is used in OpenDaylight by parts of the vpnservice functionality. This flaw refers to the JavaScript (node.js) server for Thrift, which is not used or shipped with OpenDaylight or any other part of Red Hat OpenStack Platform.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-11798", }, { category: "external", summary: "RHBZ#1667188", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1667188", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-11798", url: "https://www.cve.org/CVERecord?id=CVE-2018-11798", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-11798", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-11798", }, ], release_date: "2018-10-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-10-17T14:54:30+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Data Virtualization 6.4.8", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3140", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "thrift: Improper Access Control grants access to files outside the webservers docroot path", }, { cve: "CVE-2018-12022", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2019-01-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1671097", }, ], notes: [ { category: "description", text: "A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using Jodd DB connection classes when using DefaultTyping. An attacker could use this flaw to achieve remote code execution under certain circumstances.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: improper polymorphic deserialization of types from Jodd-db library", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6 is not affected by this issue, since Candlepin's java runtime environment does not load Jodd classes.\n\nRed Hat Virtualization 4 is not affected by this issue, since it does not load Jodd classes.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-12022", }, { category: "external", summary: "RHBZ#1671097", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1671097", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-12022", url: "https://www.cve.org/CVERecord?id=CVE-2018-12022", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-12022", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-12022", }, ], release_date: "2018-05-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-10-17T14:54:30+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Data Virtualization 6.4.8", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3140", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jackson-databind: improper polymorphic deserialization of types from Jodd-db library", }, { cve: "CVE-2018-12023", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2019-01-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1671096", }, ], notes: [ { category: "description", text: "A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using Oracle JDBC classes when using DefaultTyping. An attacker could use this flaw to achieve remote code execution under certain circumstances.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6 is not affected by this issue, since Candlepin's java runtime environment does not load Oracle's JDBC classes.\n\nRed Hat Virtualization 4 is not affected by this issue, since it does not load Oracle's JDBC classes.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-12023", }, { category: "external", summary: "RHBZ#1671096", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1671096", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-12023", url: "https://www.cve.org/CVERecord?id=CVE-2018-12023", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-12023", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-12023", }, ], release_date: "2018-06-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-10-17T14:54:30+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Data Virtualization 6.4.8", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3140", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.6, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver", }, { cve: "CVE-2018-14718", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2019-01-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1666415", }, ], notes: [ { category: "description", text: "A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using slf4j classes. An attacker could use this flaw to execute arbitrary code.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: arbitrary code execution in slf4j-ext class", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability in jackson-databind involves exploiting CVE-2018-1088 against slf4j, which was fixed in Red Hat products through the errata referenced at https://access.redhat.com/security/cve/cve-2018-8088. Applications that link only slf4j versions including that fix are not vulnerable to this vulnerability.\n\nRed Hat Satellite 6 is not affected by this issue, since its candlepin component doesn't bundle slf4j-ext jar.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14718", }, { category: "external", summary: "RHBZ#1666415", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1666415", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14718", url: "https://www.cve.org/CVERecord?id=CVE-2018-14718", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14718", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14718", }, ], release_date: "2018-07-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-10-17T14:54:30+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Data Virtualization 6.4.8", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3140", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jackson-databind: arbitrary code execution in slf4j-ext class", }, { cve: "CVE-2018-14719", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2019-01-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1666418", }, ], notes: [ { category: "description", text: "A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using blaze classes. An attacker could use this flaw to execute arbitrary code.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes", title: "Vulnerability summary", }, { category: "other", text: "The following Red Hat products are not affected by this issue as they do not bundle or provide the requisite gadget jars to exploit this vulnerability:\nRed Hat Satellite 6\nRed Hat Enterprise Virtualization 4\nRed Hat Fuse 6, 7, and Fuse Integration Services 2\nRed Hat A-MQ 6", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14719", }, { category: "external", summary: "RHBZ#1666418", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1666418", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14719", url: "https://www.cve.org/CVERecord?id=CVE-2018-14719", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14719", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14719", }, ], release_date: "2018-07-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-10-17T14:54:30+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Data Virtualization 6.4.8", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3140", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes", }, { cve: "CVE-2018-19360", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2019-01-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1666482", }, ], notes: [ { category: "description", text: "A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using the axis2-transport-jms class. An attacker could use this flaw to execute arbitrary code.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: improper polymorphic deserialization in axis2-transport-jms class", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6 is not affected by this issue, since its candlepin component doesn't include axis2-transport-jms jar.\n\nRed Hat Virtualization 4 is not affected by this issue, since it does not include axis2-transport-jms jar.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-19360", }, { category: "external", summary: "RHBZ#1666482", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1666482", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-19360", url: "https://www.cve.org/CVERecord?id=CVE-2018-19360", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-19360", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-19360", }, ], release_date: "2018-11-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-10-17T14:54:30+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Data Virtualization 6.4.8", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3140", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jackson-databind: improper polymorphic deserialization in axis2-transport-jms class", }, { cve: "CVE-2018-19361", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2019-01-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1666484", }, ], notes: [ { category: "description", text: "A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using the OpenJPA class. An attacker could use this flaw to execute arbitrary code.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: improper polymorphic deserialization in openjpa class", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6 is not affected by this issue, since its candlepin component doesn't bundle openjpa jar.\n\nRed Hat Virtualization 4 is not affected by this issue, since its candlepin component doesn't bundle openjpa jar.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-19361", }, { category: "external", summary: "RHBZ#1666484", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1666484", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-19361", url: "https://www.cve.org/CVERecord?id=CVE-2018-19361", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-19361", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-19361", }, ], release_date: "2018-11-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-10-17T14:54:30+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Data Virtualization 6.4.8", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3140", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jackson-databind: improper polymorphic deserialization in openjpa class", }, { cve: "CVE-2018-19362", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2019-01-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1666489", }, ], notes: [ { category: "description", text: "A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using the jboss-common-core class. An attacker could use this flaw to execute arbitrary code.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: improper polymorphic deserialization in jboss-common-core class", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6 is not affected by this issue, since its candlepin component doesn't bundle jboss-common-core jar.\n\nRed Hat Virtualization 4 is not affected by this issue, since its candlepin component doesn't bundle jboss-common-core jar.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-19362", }, { category: "external", summary: "RHBZ#1666489", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1666489", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-19362", url: "https://www.cve.org/CVERecord?id=CVE-2018-19362", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-19362", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-19362", }, ], release_date: "2018-11-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-10-17T14:54:30+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Data Virtualization 6.4.8", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3140", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jackson-databind: improper polymorphic deserialization in jboss-common-core class", }, { cve: "CVE-2019-0201", cwe: { id: "CWE-732", name: "Incorrect Permission Assignment for Critical Resource", }, discovery_date: "2019-05-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1715197", }, ], notes: [ { category: "description", text: "A flaw was found in Apache ZooKeeper. A lack of permission checks while retrieving ACLs allows unsalted hash values to be disclosed for unauthenticated or unprivileged users.", title: "Vulnerability description", }, { category: "summary", text: "zookeeper: Information disclosure in Apache ZooKeeper", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-0201", }, { category: "external", summary: "RHBZ#1715197", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1715197", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-0201", url: "https://www.cve.org/CVERecord?id=CVE-2019-0201", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-0201", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-0201", }, ], release_date: "2019-05-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-10-17T14:54:30+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Data Virtualization 6.4.8", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3140", }, { category: "workaround", details: "Use an authentication method other than Digest (e.g. Kerberos) or upgrade to zookeeper 3.4.14 or later (3.5.5 or later if on the 3.5 branch). [https://zookeeper.apache.org/security.html#CVE-2019-0201]", product_ids: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "zookeeper: Information disclosure in Apache ZooKeeper", }, ], }
rhsa-2019_3892
Vulnerability from csaf_redhat
Published
2019-11-14 21:17
Modified
2024-12-15 18:53
Summary
Red Hat Security Advisory: Red Hat Fuse 7.5.0 security update
Notes
Topic
A minor version update (from 7.4 to 7.5) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
[2020-04-17 update: descriptions for mutiple components fixed for the same CVE added]
Details
This release of Red Hat Fuse 7.5.0 serves as a replacement for Red Hat Fuse 7.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525) (CVE-2017-15095)
* jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095) (CVE-2017-17485)
* infinispan: deserialization of data in XML and JSON transcoders (CVE-2018-1131)
* hadoop: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file (CVE-2018-8009)
* jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis (CVE-2018-11307)
* jackson-databind: improper polymorphic deserialization of types from Jodd-db library (CVE-2018-12022)
* jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver (CVE-2018-12023)
* jackson-databind: arbitrary code execution in slf4j-ext class (CVE-2018-14718)
* jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes (CVE-2018-14719)
* jackson-databind: exfiltration/XXE in some JDK classes (CVE-2018-14720)
* jackson-databind: improper polymorphic deserialization in axis2-transport-jms class (CVE-2018-19360)
* jackson-databind: improper polymorphic deserialization in openjpa class (CVE-2018-19361)
* jackson-databind: improper polymorphic deserialization in jboss-common-core class (CVE-2018-19362)
* retrofit: Directory traversal in RequestBuilder allows manipulation of resources (CVE-2018-1000850)
* zookeeper: Information disclosure in Apache ZooKeeper (CVE-2019-0201)
* mesos: docker image code execution (CVE-2019-0204)
* netty: HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)
* grpc: HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)
* netty: HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)
* grpc: HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)
* netty: HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515)
* grpc: HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515)
* netty: HTTP/2: flood using empty frames results in excessive resource consumption (CVE-2019-9518)
* xstream: remote code execution due to insecure XML deserialization (regression of CVE-2013-7285) (CVE-2019-10173)
* syndesis: default CORS configuration is allow all (CVE-2019-14860)
* netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers (CVE-2019-16869)
* activemq: ActiveMQ Client Missing TLS Hostname Verification (CVE-2018-11775)
* tika: Incomplete fix allows for XML entity expansion resulting in denial of service (CVE-2018-11796)
* jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class (CVE-2018-14721)
* tomcat: Host name verification missing in WebSocket client (CVE-2018-8034)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "A minor version update (from 7.4 to 7.5) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\n[2020-04-17 update: descriptions for mutiple components fixed for the same CVE added]", title: "Topic", }, { category: "general", text: "This release of Red Hat Fuse 7.5.0 serves as a replacement for Red Hat Fuse 7.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525) (CVE-2017-15095)\n\n* jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095) (CVE-2017-17485)\n\n* infinispan: deserialization of data in XML and JSON transcoders (CVE-2018-1131)\n\n* hadoop: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file (CVE-2018-8009)\n\n* jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis (CVE-2018-11307)\n\n* jackson-databind: improper polymorphic deserialization of types from Jodd-db library (CVE-2018-12022)\n\n* jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver (CVE-2018-12023)\n\n* jackson-databind: arbitrary code execution in slf4j-ext class (CVE-2018-14718)\n\n* jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes (CVE-2018-14719)\n\n* jackson-databind: exfiltration/XXE in some JDK classes (CVE-2018-14720)\n\n* jackson-databind: improper polymorphic deserialization in axis2-transport-jms class (CVE-2018-19360)\n\n* jackson-databind: improper polymorphic deserialization in openjpa class (CVE-2018-19361)\n\n* jackson-databind: improper polymorphic deserialization in jboss-common-core class (CVE-2018-19362)\n\n* retrofit: Directory traversal in RequestBuilder allows manipulation of resources (CVE-2018-1000850)\n\n* zookeeper: Information disclosure in Apache ZooKeeper (CVE-2019-0201)\n\n* mesos: docker image code execution (CVE-2019-0204)\n\n* netty: HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)\n\n* grpc: HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)\n\n* netty: HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)\n\n* grpc: HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)\n\n* netty: HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515)\n\n* grpc: HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515)\n\n* netty: HTTP/2: flood using empty frames results in excessive resource consumption (CVE-2019-9518)\n\n* xstream: remote code execution due to insecure XML deserialization (regression of CVE-2013-7285) (CVE-2019-10173)\n\n* syndesis: default CORS configuration is allow all (CVE-2019-14860)\n\n* netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers (CVE-2019-16869)\n\n* activemq: ActiveMQ Client Missing TLS Hostname Verification (CVE-2018-11775)\n\n* tika: Incomplete fix allows for XML entity expansion resulting in denial of service (CVE-2018-11796)\n\n* jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class (CVE-2018-14721)\n\n* tomcat: Host name verification missing in WebSocket client (CVE-2018-8034)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2019:3892", url: "https://access.redhat.com/errata/RHSA-2019:3892", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.fuse&version=7.5.0", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.fuse&version=7.5.0", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", url: "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", }, { category: "external", summary: "1506612", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1506612", }, { category: "external", summary: "1528565", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1528565", }, { category: "external", summary: "1576492", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1576492", }, { category: "external", summary: "1593018", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1593018", }, { category: "external", summary: "1607580", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1607580", }, { category: "external", summary: "1629083", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1629083", }, { category: "external", summary: "1639090", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1639090", }, { category: "external", summary: "1663904", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1663904", }, { category: "external", summary: "1666415", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1666415", }, { category: "external", summary: "1666418", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1666418", }, { category: "external", summary: "1666423", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1666423", }, { category: "external", summary: "1666428", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1666428", }, { category: "external", summary: "1666482", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1666482", }, { category: "external", summary: "1666484", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1666484", }, { category: "external", summary: "1666489", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1666489", }, { category: "external", summary: "1671096", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1671096", }, { category: "external", summary: "1671097", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1671097", }, { category: "external", summary: "1677341", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1677341", }, { category: "external", summary: "1692755", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1692755", }, { category: "external", summary: "1715197", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1715197", }, { category: "external", summary: "1722971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1722971", }, { category: "external", summary: "1735645", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735645", }, { category: "external", summary: "1735744", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735744", }, { category: "external", summary: "1735745", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735745", }, { category: "external", summary: "1735749", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735749", }, { category: "external", summary: "1758619", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1758619", }, { category: "external", summary: "1761912", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1761912", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_3892.json", }, ], title: "Red Hat Security Advisory: Red Hat Fuse 7.5.0 security update", tracking: { current_release_date: "2024-12-15T18:53:23+00:00", generator: { date: "2024-12-15T18:53:23+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.3", }, }, id: "RHSA-2019:3892", initial_release_date: "2019-11-14T21:17:38+00:00", revision_history: [ { date: "2019-11-14T21:17:38+00:00", number: "1", summary: "Initial version", }, { date: "2020-04-20T07:18:57+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-15T18:53:23+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Fuse 7.5.0", product: { name: "Red Hat Fuse 7.5.0", product_id: "Red Hat Fuse 7.5.0", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_fuse:7", }, }, }, ], category: "product_family", name: "Red Hat JBoss Fuse", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Liao Xinxi", ], organization: "NSFOCUS", }, ], cve: "CVE-2017-15095", cwe: { id: "CWE-184", name: "Incomplete List of Disallowed Inputs", }, discovery_date: "2017-10-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1506612", }, ], notes: [ { category: "description", text: "A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525)", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the versions of jackson-databind (in Satellite 6.0 and 6.1) and candlepin (which embeds a copy of jackson-databind in Satellite 6.2) as shipped with Red Hat Satellite 6.x. However the affected code is NOT used at this time:\n\nCandlepin currently uses the default type resolution configuration for the ObjectMappers it creates/uses. Nowhere in candlepin do we enable global polymorphic deserialization via enableDefaultTyping(...), therefore based on the documentation sited BZ 1462702 , candlepin should not be affected.\n\nHowever as the vulnerable software ships with the product we have marked them as vulnerable to ensure the issue is tracked.\n\nJBoss EAP 7.x only uses the vulnerable Jackson Databind library for marshalling and unmarshalling of JSON objects passed to JAX-RS webservices. Some advise about how to remain safe when using JAX-RS webservices on JBoss EAP 7.x is available here: \n\nhttps://access.redhat.com/solutions/3279231", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-15095", }, { category: "external", summary: "RHBZ#1506612", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1506612", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-15095", url: "https://www.cve.org/CVERecord?id=CVE-2017-15095", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-15095", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-15095", }, { category: "external", summary: "https://access.redhat.com/solutions/3442891", url: "https://access.redhat.com/solutions/3442891", }, ], release_date: "2017-11-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, { category: "workaround", details: "Mitigation to this problem is to not trigger polymorphic desrialization globally by using: objectMapper.enableDefaultTyping() and rather use @JsonTypeInfo on the class property to explicitly define the type information. For more information on this issue please refer to https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true", product_ids: [ "Red Hat Fuse 7.5.0", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525)", }, { acknowledgments: [ { names: [ "0c0c0f from 360观星实验室", ], }, ], cve: "CVE-2017-17485", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2017-12-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1528565", }, ], notes: [ { category: "description", text: "A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of ObjectMapper. This issue extends upon the previous flaws CVE-2017-7525 and CVE-2017-15095 by blacklisting more classes that could be used maliciously.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-17485", }, { category: "external", summary: "RHBZ#1528565", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1528565", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-17485", url: "https://www.cve.org/CVERecord?id=CVE-2017-17485", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-17485", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-17485", }, { category: "external", summary: "https://access.redhat.com/solutions/3442891", url: "https://access.redhat.com/solutions/3442891", }, ], release_date: "2017-12-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095)", }, { cve: "CVE-2018-1131", cwe: { id: "CWE-349", name: "Acceptance of Extraneous Untrusted Data With Trusted Data", }, discovery_date: "2018-05-09T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1576492", }, ], notes: [ { category: "description", text: "Infinispan permits improper deserialization of trusted data via XML and JSON transcoders under certain server configurations. A user with authenticated access to the server could send a malicious object to a cache configured to accept certain types of objects, achieving code execution and possible further attacks. Versions 9.0.3.Final, 9.1.7.Final, 8.2.10.Final, 9.2.2.Final, 9.3.0.Alpha1 are believed to be affected.", title: "Vulnerability description", }, { category: "summary", text: "infinispan: deserialization of data in XML and JSON transcoders", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-1131", }, { category: "external", summary: "RHBZ#1576492", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1576492", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-1131", url: "https://www.cve.org/CVERecord?id=CVE-2018-1131", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-1131", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-1131", }, ], release_date: "2018-05-14T14:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "infinispan: deserialization of data in XML and JSON transcoders", }, { cve: "CVE-2018-8009", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2018-06-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1593018", }, ], notes: [ { category: "description", text: "Apache Hadoop 3.1.0, 3.0.0-alpha to 3.0.2, 2.9.0 to 2.9.1, 2.8.0 to 2.8.4, 2.0.0-alpha to 2.7.6, 0.23.0 to 0.23.11 is exploitable via the zip slip vulnerability in places that accept a zip file.", title: "Vulnerability description", }, { category: "summary", text: "hadoop: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file", title: "Vulnerability summary", }, { category: "other", text: "This issue did not affect the versions of rhs-hadoop as shipped with Red Hat Gluster Storage 3. For JBoss Fuse 6.3 and 7 standalone, while they ship vulnerable artifact via camel-hbase, camel-hdfs2 (fuse 6.3) and camel-hdfs2 (fuse 7), there's no invocation on the flawed code that could lead to an unzip operation. So fuse 6.3, 7 standalone are not affected. However FIS 2.0 and Fuse 7 on OpenShift ship vulnerable artifact via maven BOM, so setting fuse as affected for this reason.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-8009", }, { category: "external", summary: "RHBZ#1593018", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1593018", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-8009", url: "https://www.cve.org/CVERecord?id=CVE-2018-8009", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-8009", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-8009", }, ], release_date: "2018-06-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "hadoop: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file", }, { cve: "CVE-2018-8034", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2018-07-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1607580", }, ], notes: [ { category: "description", text: "The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Host name verification missing in WebSocket client", title: "Vulnerability summary", }, { category: "other", text: "Tomcat 6, and Red Hat products shipping it, are not affected by this CVE. Tomcat 7, 8, and 9, as well as Red Hat Products shipping them, are affected. Affected products, including Red Hat JBoss Web Server 3 and 5, Enterprise Application Server 6, and Fuse 7, may provide fixes for this issue in a future release.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-8034", }, { category: "external", summary: "RHBZ#1607580", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1607580", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-8034", url: "https://www.cve.org/CVERecord?id=CVE-2018-8034", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-8034", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-8034", }, ], release_date: "2018-07-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat: Host name verification missing in WebSocket client", }, { cve: "CVE-2018-11307", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2019-02-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1677341", }, ], notes: [ { category: "description", text: "A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using MyBatis classes when using DefaultTyping. An attacker could use this flaw to achieve content exfiltration and possibly conduct further attacks.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6 is not affected by this issue, since Candlepin's java runtime environment does not load MyBatis classes.\n\nRed Hat Virtualization 4 is not affected by this issue, since it does not include MyBatis classes.\n\nRed Hat Fuse 6 and 7 are not directly affected by this issue, as although they do ship the vulnerable jackson-databind component, they do not enable polymorphic deserialization or default typing which are required for exploitability. Their impacts have correspondingly been reduced to Moderate. Future updates may address this flaw.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-11307", }, { category: "external", summary: "RHBZ#1677341", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1677341", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-11307", url: "https://www.cve.org/CVERecord?id=CVE-2018-11307", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-11307", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-11307", }, ], release_date: "2018-05-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.6, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis", }, { cve: "CVE-2018-11775", discovery_date: "2018-09-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1629083", }, ], notes: [ { category: "description", text: "TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client and the ActiveMQ server. This is now enabled by default.", title: "Vulnerability description", }, { category: "summary", text: "activemq: ActiveMQ Client Missing TLS Hostname Verification", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-11775", }, { category: "external", summary: "RHBZ#1629083", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1629083", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-11775", url: "https://www.cve.org/CVERecord?id=CVE-2018-11775", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-11775", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-11775", }, ], release_date: "2018-09-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "activemq: ActiveMQ Client Missing TLS Hostname Verification", }, { cve: "CVE-2018-11796", cwe: { id: "CWE-776", name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", }, discovery_date: "2018-10-10T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1639090", }, ], notes: [ { category: "description", text: "In Apache Tika 1.19 (CVE-2018-11761), we added an entity expansion limit for XML parsing. However, Tika reuses SAXParsers and calls reset() after each parse, which, for Xerces2 parsers, as per the documentation, removes the user-specified SecurityManager and thus removes entity expansion limits after the first parse. Apache Tika versions from 0.1 to 1.19 are therefore still vulnerable to entity expansions which can lead to a denial of service attack. Users should upgrade to 1.19.1 or later.", title: "Vulnerability description", }, { category: "summary", text: "tika: Incomplete fix allows for XML entity expansion resulting in denial of service", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the versions of tika which is embedded in the nutch package as shipped with Red Hat Satellite 5. The tika server is not exposed, as such exploitation is difficult, Red Hat Product Security has rated this issue as having security impact of Low. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-11796", }, { category: "external", summary: "RHBZ#1639090", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1639090", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-11796", url: "https://www.cve.org/CVERecord?id=CVE-2018-11796", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-11796", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-11796", }, { category: "external", summary: "https://lists.apache.org/thread.html/88de8350cda9b184888ec294c813c5bd8a2081de8fd3666f8904bc05@%3Cdev.tika.apache.org%3E", url: "https://lists.apache.org/thread.html/88de8350cda9b184888ec294c813c5bd8a2081de8fd3666f8904bc05@%3Cdev.tika.apache.org%3E", }, ], release_date: "2018-10-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "tika: Incomplete fix allows for XML entity expansion resulting in denial of service", }, { cve: "CVE-2018-12022", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2019-01-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1671097", }, ], notes: [ { category: "description", text: "A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using Jodd DB connection classes when using DefaultTyping. An attacker could use this flaw to achieve remote code execution under certain circumstances.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: improper polymorphic deserialization of types from Jodd-db library", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6 is not affected by this issue, since Candlepin's java runtime environment does not load Jodd classes.\n\nRed Hat Virtualization 4 is not affected by this issue, since it does not load Jodd classes.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-12022", }, { category: "external", summary: "RHBZ#1671097", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1671097", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-12022", url: "https://www.cve.org/CVERecord?id=CVE-2018-12022", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-12022", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-12022", }, ], release_date: "2018-05-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jackson-databind: improper polymorphic deserialization of types from Jodd-db library", }, { cve: "CVE-2018-12023", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2019-01-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1671096", }, ], notes: [ { category: "description", text: "A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using Oracle JDBC classes when using DefaultTyping. An attacker could use this flaw to achieve remote code execution under certain circumstances.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6 is not affected by this issue, since Candlepin's java runtime environment does not load Oracle's JDBC classes.\n\nRed Hat Virtualization 4 is not affected by this issue, since it does not load Oracle's JDBC classes.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-12023", }, { category: "external", summary: "RHBZ#1671096", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1671096", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-12023", url: "https://www.cve.org/CVERecord?id=CVE-2018-12023", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-12023", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-12023", }, ], release_date: "2018-06-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.6, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver", }, { cve: "CVE-2018-14718", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2019-01-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1666415", }, ], notes: [ { category: "description", text: "A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using slf4j classes. An attacker could use this flaw to execute arbitrary code.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: arbitrary code execution in slf4j-ext class", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability in jackson-databind involves exploiting CVE-2018-1088 against slf4j, which was fixed in Red Hat products through the errata referenced at https://access.redhat.com/security/cve/cve-2018-8088. Applications that link only slf4j versions including that fix are not vulnerable to this vulnerability.\n\nRed Hat Satellite 6 is not affected by this issue, since its candlepin component doesn't bundle slf4j-ext jar.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14718", }, { category: "external", summary: "RHBZ#1666415", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1666415", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14718", url: "https://www.cve.org/CVERecord?id=CVE-2018-14718", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14718", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14718", }, ], release_date: "2018-07-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jackson-databind: arbitrary code execution in slf4j-ext class", }, { cve: "CVE-2018-14719", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2019-01-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1666418", }, ], notes: [ { category: "description", text: "A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using blaze classes. An attacker could use this flaw to execute arbitrary code.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes", title: "Vulnerability summary", }, { category: "other", text: "The following Red Hat products are not affected by this issue as they do not bundle or provide the requisite gadget jars to exploit this vulnerability:\nRed Hat Satellite 6\nRed Hat Enterprise Virtualization 4\nRed Hat Fuse 6, 7, and Fuse Integration Services 2\nRed Hat A-MQ 6", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14719", }, { category: "external", summary: "RHBZ#1666418", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1666418", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14719", url: "https://www.cve.org/CVERecord?id=CVE-2018-14719", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14719", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14719", }, ], release_date: "2018-07-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes", }, { cve: "CVE-2018-14720", cwe: { id: "CWE-611", name: "Improper Restriction of XML External Entity Reference", }, discovery_date: "2019-01-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1666423", }, ], notes: [ { category: "description", text: "FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: exfiltration/XXE in some JDK classes", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6 is not affected by this issue, since its only supported Java runtime (openJDK) doesn't bundle the com.sun.deploy.security.ruleset.DRSHelper class.\n\nRed Hat Enterprise Virtualization 4 is not affected by this issue, since its only supported Java runtime (openJDK) doesn't bundle the com.sun.deploy.security.ruleset.DRSHelper class.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14720", }, { category: "external", summary: "RHBZ#1666423", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1666423", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14720", url: "https://www.cve.org/CVERecord?id=CVE-2018-14720", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14720", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14720", }, ], release_date: "2018-07-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, { category: "workaround", details: "The following conditions are needed for an exploit, we recommend avoiding all if possible \n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`", product_ids: [ "Red Hat Fuse 7.5.0", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: exfiltration/XXE in some JDK classes", }, { cve: "CVE-2018-14721", cwe: { id: "CWE-352", name: "Cross-Site Request Forgery (CSRF)", }, discovery_date: "2019-01-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1666428", }, ], notes: [ { category: "description", text: "FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6 is not affected by this issue, since its candlepin component doesn't bundle axis2-jaxws jar.\n\nRed Hat Virtualization is not affected by this issue, since its does not bundle axis2-jaxws jar.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14721", }, { category: "external", summary: "RHBZ#1666428", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1666428", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14721", url: "https://www.cve.org/CVERecord?id=CVE-2018-14721", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14721", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14721", }, ], release_date: "2018-07-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class", }, { cve: "CVE-2018-19360", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2019-01-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1666482", }, ], notes: [ { category: "description", text: "A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using the axis2-transport-jms class. An attacker could use this flaw to execute arbitrary code.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: improper polymorphic deserialization in axis2-transport-jms class", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6 is not affected by this issue, since its candlepin component doesn't include axis2-transport-jms jar.\n\nRed Hat Virtualization 4 is not affected by this issue, since it does not include axis2-transport-jms jar.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-19360", }, { category: "external", summary: "RHBZ#1666482", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1666482", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-19360", url: "https://www.cve.org/CVERecord?id=CVE-2018-19360", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-19360", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-19360", }, ], release_date: "2018-11-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jackson-databind: improper polymorphic deserialization in axis2-transport-jms class", }, { cve: "CVE-2018-19361", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2019-01-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1666484", }, ], notes: [ { category: "description", text: "A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using the OpenJPA class. An attacker could use this flaw to execute arbitrary code.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: improper polymorphic deserialization in openjpa class", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6 is not affected by this issue, since its candlepin component doesn't bundle openjpa jar.\n\nRed Hat Virtualization 4 is not affected by this issue, since its candlepin component doesn't bundle openjpa jar.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-19361", }, { category: "external", summary: "RHBZ#1666484", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1666484", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-19361", url: "https://www.cve.org/CVERecord?id=CVE-2018-19361", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-19361", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-19361", }, ], release_date: "2018-11-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jackson-databind: improper polymorphic deserialization in openjpa class", }, { cve: "CVE-2018-19362", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2019-01-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1666489", }, ], notes: [ { category: "description", text: "A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using the jboss-common-core class. An attacker could use this flaw to execute arbitrary code.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: improper polymorphic deserialization in jboss-common-core class", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6 is not affected by this issue, since its candlepin component doesn't bundle jboss-common-core jar.\n\nRed Hat Virtualization 4 is not affected by this issue, since its candlepin component doesn't bundle jboss-common-core jar.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-19362", }, { category: "external", summary: "RHBZ#1666489", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1666489", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-19362", url: "https://www.cve.org/CVERecord?id=CVE-2018-19362", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-19362", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-19362", }, ], release_date: "2018-11-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jackson-databind: improper polymorphic deserialization in jboss-common-core class", }, { cve: "CVE-2018-1000850", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2018-12-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1663904", }, ], notes: [ { category: "description", text: "A flaw was found in Retrofit, where it allowed directory traversal via its RequestBuilder class. An attacker could use this flaw to access information or commands outside of its set permissions.", title: "Vulnerability description", }, { category: "summary", text: "retrofit: Directory traversal in RequestBuilder allows manipulation of resources", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-1000850", }, { category: "external", summary: "RHBZ#1663904", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1663904", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-1000850", url: "https://www.cve.org/CVERecord?id=CVE-2018-1000850", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-1000850", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-1000850", }, ], release_date: "2018-10-21T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "retrofit: Directory traversal in RequestBuilder allows manipulation of resources", }, { cve: "CVE-2019-0201", cwe: { id: "CWE-732", name: "Incorrect Permission Assignment for Critical Resource", }, discovery_date: "2019-05-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1715197", }, ], notes: [ { category: "description", text: "A flaw was found in Apache ZooKeeper. A lack of permission checks while retrieving ACLs allows unsalted hash values to be disclosed for unauthenticated or unprivileged users.", title: "Vulnerability description", }, { category: "summary", text: "zookeeper: Information disclosure in Apache ZooKeeper", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-0201", }, { category: "external", summary: "RHBZ#1715197", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1715197", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-0201", url: "https://www.cve.org/CVERecord?id=CVE-2019-0201", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-0201", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-0201", }, ], release_date: "2019-05-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, { category: "workaround", details: "Use an authentication method other than Digest (e.g. Kerberos) or upgrade to zookeeper 3.4.14 or later (3.5.5 or later if on the 3.5 branch). [https://zookeeper.apache.org/security.html#CVE-2019-0201]", product_ids: [ "Red Hat Fuse 7.5.0", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "zookeeper: Information disclosure in Apache ZooKeeper", }, { cve: "CVE-2019-0204", cwe: { id: "CWE-250", name: "Execution with Unnecessary Privileges", }, discovery_date: "2019-03-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1692755", }, ], notes: [ { category: "description", text: "A flaw was found in Docker image running under root user, where it is possible to overwrite the init helper binary of the container runtime or the command executor in Apache Mesos. A malicious user could use this flaw to gain root-level code execution on the host.", title: "Vulnerability description", }, { category: "summary", text: "mesos: docker image code execution", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-0204", }, { category: "external", summary: "RHBZ#1692755", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1692755", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-0204", url: "https://www.cve.org/CVERecord?id=CVE-2019-0204", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-0204", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-0204", }, ], release_date: "2019-03-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "mesos: docker image code execution", }, { acknowledgments: [ { names: [ "the Envoy security team", ], }, ], cve: "CVE-2019-9512", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2019-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1735645", }, ], notes: [ { category: "description", text: "A flaw was found in HTTP/2. Using PING frames and queuing of response PING ACK frames, a flood attack could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability.", title: "Vulnerability description", }, { category: "summary", text: "HTTP/2: flood using PING frames results in unbounded memory growth", title: "Vulnerability summary", }, { category: "other", text: "The golang package in Red Hat OpenStack Platform 9 Operational Tools will not be updated for this flaw because it is in technical preview and is retiring as of 24.Aug.2019.\nThis issue did not affect the versions of grafana(embeds golang) as shipped with Red Hat Ceph Storage 2 and Red Hat Gluster Storage 3 as they did not include the support for HTTP/2.\nThe following storage product versions are affected because they include the support for HTTP/2 in:\n* golang as shipped with Red Hat Gluster Storage 3, Red Hat Ceph Storage 2 and Red Hat Ceph Storage 3\n* heketi(embeds golang) as shipped with Red Hat Gluster Storage 3\n* grafana(embeds golang and grpc) as shipped with Red Hat Ceph Storage 3\nThis flaw has no available mitigation for packages golang and nodejs. Both packages will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.\n\nAll OpenShift Container Platform RPMs and container images that are built with Go and support HTTP/2 are vulnerable to this flaw.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-9512", }, { category: "external", summary: "RHBZ#1735645", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735645", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-9512", url: "https://www.cve.org/CVERecord?id=CVE-2019-9512", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-9512", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-9512", }, { category: "external", summary: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", url: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", }, { category: "external", summary: "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg", url: "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg", }, { category: "external", summary: "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA", url: "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA", }, { category: "external", summary: "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", url: "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", }, { category: "external", summary: "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html", url: "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html", }, ], release_date: "2019-08-13T17:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "HTTP/2: flood using PING frames results in unbounded memory growth", }, { acknowledgments: [ { names: [ "the Envoy security team", ], }, ], cve: "CVE-2019-9514", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2019-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1735744", }, ], notes: [ { category: "description", text: "A flaw was found in HTTP/2. Using HEADER frames with invalid HTTP headers and queuing of response RST_STREAM frames, an attacker could cause a flood resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability.", title: "Vulnerability description", }, { category: "summary", text: "HTTP/2: flood using HEADERS frames results in unbounded memory growth", title: "Vulnerability summary", }, { category: "other", text: "The golang package in Red Hat OpenStack Platform 9 Operational Tools will not be updated for this flaw because it is in technical preview and is retiring as of 24.Aug.2019.\nThis issue did not affect the versions of grafana(embeds golang) as shipped with Red Hat Ceph Storage 2 and Red Hat Gluster Storage 3 as they did not include the support for HTTP/2.\nThe following storage product versions are affected because they include the support for HTTP/2 in:\n* golang as shipped with Red Hat Gluster Storage 3, Red Hat Ceph Storage 2 and Red Hat Ceph Storage 3\n* heketi(embeds golang) as shipped with Red Hat Gluster Storage 3\n* grafana(embeds golang and grpc) as shipped with Red Hat Ceph Storage 3\nThis flaw has no available mitigation for packages golang and nodejs. Both packages will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.\n\nAll OpenShift Container Platform RPMs and container images that are built with Go and support HTTP/2 are vulnerable to this flaw.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-9514", }, { category: "external", summary: "RHBZ#1735744", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735744", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-9514", url: "https://www.cve.org/CVERecord?id=CVE-2019-9514", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-9514", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-9514", }, { category: "external", summary: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", url: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", }, { category: "external", summary: "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg", url: "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg", }, { category: "external", summary: "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA", url: "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA", }, { category: "external", summary: "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", url: "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", }, { category: "external", summary: "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html", url: "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html", }, ], release_date: "2019-08-13T17:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "HTTP/2: flood using HEADERS frames results in unbounded memory growth", }, { acknowledgments: [ { names: [ "the Envoy security team", ], }, ], cve: "CVE-2019-9515", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2019-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1735745", }, ], notes: [ { category: "description", text: "A flaw was found in HTTP/2. Using SETTINGS frames and queuing of SETTINGS ACK frames, a flood could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability.", title: "Vulnerability description", }, { category: "summary", text: "HTTP/2: flood using SETTINGS frames results in unbounded memory growth", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the version of grafana(embeds gRPC) as shipped with Red Hat Ceph Storage 3 as it include the support for HTTP/2.\nThis flaw has no available mitigation for nodejs package. It will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-9515", }, { category: "external", summary: "RHBZ#1735745", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735745", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-9515", url: "https://www.cve.org/CVERecord?id=CVE-2019-9515", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-9515", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-9515", }, { category: "external", summary: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", url: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", }, { category: "external", summary: "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", url: "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", }, { category: "external", summary: "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html", url: "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html", }, ], release_date: "2019-08-13T17:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "HTTP/2: flood using SETTINGS frames results in unbounded memory growth", }, { acknowledgments: [ { names: [ "the Envoy security team", ], }, ], cve: "CVE-2019-9518", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2019-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1735749", }, ], notes: [ { category: "description", text: "A flaw was found in HTTP/2. Using frames with an empty payload, a flood could occur that results in excessive CPU usage and starvation of other clients. The highest threat from this vulnerability is to system availability.", title: "Vulnerability description", }, { category: "summary", text: "HTTP/2: flood using empty frames results in excessive resource consumption", title: "Vulnerability summary", }, { category: "other", text: "This flaw has no available mitigation for nodejs package. It will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-9518", }, { category: "external", summary: "RHBZ#1735749", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735749", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-9518", url: "https://www.cve.org/CVERecord?id=CVE-2019-9518", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-9518", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-9518", }, { category: "external", summary: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", url: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", }, { category: "external", summary: "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", url: "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", }, ], release_date: "2019-08-13T17:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "HTTP/2: flood using empty frames results in excessive resource consumption", }, { cve: "CVE-2019-10173", cwe: { id: "CWE-94", name: "Improper Control of Generation of Code ('Code Injection')", }, discovery_date: "2019-06-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1722971", }, ], notes: [ { category: "description", text: "It was found that xstream API version 1.4.10 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshalling XML or any supported format. This a regression of CVE-2013-7285 fixed in 1.4.7 (fixed) as of BPMS 6.0.1, the regression was introduced with xstream-1.4.10 implemented in RHPAM.", title: "Vulnerability description", }, { category: "summary", text: "xstream: remote code execution due to insecure XML deserialization (regression of CVE-2013-7285)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-10173", }, { category: "external", summary: "RHBZ#1722971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1722971", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-10173", url: "https://www.cve.org/CVERecord?id=CVE-2019-10173", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-10173", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-10173", }, { category: "external", summary: "http://x-stream.github.io/changes.html#1.4.11", url: "http://x-stream.github.io/changes.html#1.4.11", }, ], release_date: "2018-10-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "xstream: remote code execution due to insecure XML deserialization (regression of CVE-2013-7285)", }, { acknowledgments: [ { names: [ "Jeremy Choi", ], organization: "Red Hat", summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2019-14860", cwe: { id: "CWE-942", name: "Permissive Cross-domain Policy with Untrusted Domains", }, discovery_date: "2019-10-09T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1761912", }, ], notes: [ { category: "description", text: "It was found that the Syndesis configuration for Cross-Origin Resource Sharing was set to allow all origins. An attacker could use this lack of protection to conduct phishing attacks and further access unauthorized information.", title: "Vulnerability description", }, { category: "summary", text: "syndesis: default CORS configuration is allow all", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-14860", }, { category: "external", summary: "RHBZ#1761912", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1761912", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-14860", url: "https://www.cve.org/CVERecord?id=CVE-2019-14860", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-14860", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-14860", }, ], release_date: "2019-10-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "syndesis: default CORS configuration is allow all", }, { cve: "CVE-2019-16869", cwe: { id: "CWE-444", name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", }, discovery_date: "2019-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1758619", }, ], notes: [ { category: "description", text: "A flaw was found in Netty, where whitespace before the colon in HTTP headers is mishandled. This flaw allows an attacker to cause HTTP request smuggling.", title: "Vulnerability description", }, { category: "summary", text: "netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers", title: "Vulnerability summary", }, { category: "other", text: "OpenShift Container Platform ships a vulnerable netty library as part of the logging-elasticsearch5 container. ElasticSearch's security team has stated that this vulnerability does not poses a substantial practical threat to ElasticSearch 6 [1]. We agree that this issue would be difficult to exploit these vulnerabilities on OpenShift Container Platform, so we're reducing the impact of this issue to moderate and may fix it in the future release.\n\nRed Hat Satellite ships vulnerable netty version embedded in Candlepin, however, is not directly vulnerable since HTTP requests are handled by Tomcat and not netty.\n\n[1] https://github.com/elastic/elasticsearch/issues/49396", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-16869", }, { category: "external", summary: "RHBZ#1758619", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1758619", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-16869", url: "https://www.cve.org/CVERecord?id=CVE-2019-16869", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-16869", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-16869", }, ], release_date: "2019-09-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, { category: "workaround", details: "* Use HTTP/2 instead (clear boundaries between requests)\n* Disable reuse of backend connections eg. ```http-reuse never``` in HAProxy or whatever equivalent LB settings", product_ids: [ "Red Hat Fuse 7.5.0", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers", }, ], }
rhsa-2019_3140
Vulnerability from csaf_redhat
Published
2019-10-17 14:54
Modified
2024-12-15 18:53
Summary
Red Hat Security Advisory: Red Hat JBoss Data Virtualization 6.4.8 security update
Notes
Topic
An update is now available for Red Hat JBoss Data Virtualization.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Data Virtualization is a lean data integration solution that provides easy, real-time, and unified data access across disparate sources to multiple applications and users. JBoss Data Virtualization makes data spread across physically distinct systems - such as multiple databases, XML files, and even Hadoop systems - appear as a set of tables in a local database.
This release of Red Hat JBoss Data Virtualization 6.4.8 serves as a replacement for Red Hat JBoss Data Virtualization 6.4.7, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* thrift: Improper file path sanitization in t_go_generator.cc:format_go_output() of the go client library can allow an attacker to inject commands (CVE-2016-5397)
* tika-core: tika: Command injection in tika-server can allow remote attackers to execute arbitrary commands via crafted headers (CVE-2018-1335)
* slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088)
* jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis (CVE-2018-11307)
* libthrift: thrift: Improper Access Control grants access to files outside the webservers docroot path (CVE-2018-11798)
* jackson-databind: improper polymorphic deserialization of types from Jodd-db library (CVE-2018-12022)
* jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver (CVE-2018-12023)
* jackson-databind: arbitrary code execution in slf4j-ext class (CVE-2018-14718)
* jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes (CVE-2018-14719)
* jackson-databind: improper polymorphic deserialization in axis2-transport-jms class (CVE-2018-19360)
* jackson-databind: improper polymorphic deserialization in openjpa class (CVE-2018-19361)
* jackson-databind: improper polymorphic deserialization in jboss-common-core class (CVE-2018-19362)
* zookeeper: Information disclosure in Apache ZooKeeper (CVE-2019-0201)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update is now available for Red Hat JBoss Data Virtualization.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Data Virtualization is a lean data integration solution that provides easy, real-time, and unified data access across disparate sources to multiple applications and users. JBoss Data Virtualization makes data spread across physically distinct systems - such as multiple databases, XML files, and even Hadoop systems - appear as a set of tables in a local database.\n\nThis release of Red Hat JBoss Data Virtualization 6.4.8 serves as a replacement for Red Hat JBoss Data Virtualization 6.4.7, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* thrift: Improper file path sanitization in t_go_generator.cc:format_go_output() of the go client library can allow an attacker to inject commands (CVE-2016-5397)\n\n* tika-core: tika: Command injection in tika-server can allow remote attackers to execute arbitrary commands via crafted headers (CVE-2018-1335)\n\n* slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088)\n\n* jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis (CVE-2018-11307)\n\n* libthrift: thrift: Improper Access Control grants access to files outside the webservers docroot path (CVE-2018-11798)\n\n* jackson-databind: improper polymorphic deserialization of types from Jodd-db library (CVE-2018-12022)\n\n* jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver (CVE-2018-12023)\n\n* jackson-databind: arbitrary code execution in slf4j-ext class (CVE-2018-14718)\n\n* jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes (CVE-2018-14719)\n\n* jackson-databind: improper polymorphic deserialization in axis2-transport-jms class (CVE-2018-19360)\n\n* jackson-databind: improper polymorphic deserialization in openjpa class (CVE-2018-19361)\n\n* jackson-databind: improper polymorphic deserialization in jboss-common-core class (CVE-2018-19362)\n\n* zookeeper: Information disclosure in Apache ZooKeeper (CVE-2019-0201)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2019:3140", url: "https://access.redhat.com/errata/RHSA-2019:3140", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=data.services.platform&downloadType=securityPatches&version=6.4", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=data.services.platform&downloadType=securityPatches&version=6.4", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_data_virtualization/6.4/html/release_notes/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_data_virtualization/6.4/html/release_notes/", }, { category: "external", summary: "1544620", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1544620", }, { category: "external", summary: "1548909", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1548909", }, { category: "external", summary: "1572416", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1572416", }, { category: "external", summary: "1666415", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1666415", }, { category: "external", summary: "1666418", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1666418", }, { category: "external", summary: "1666482", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1666482", }, { category: "external", summary: "1666484", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1666484", }, { category: "external", summary: "1666489", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1666489", }, { category: "external", summary: "1667188", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1667188", }, { category: "external", summary: "1671096", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1671096", }, { category: "external", summary: "1671097", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1671097", }, { category: "external", summary: "1677341", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1677341", }, { category: "external", summary: "1715197", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1715197", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_3140.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Data Virtualization 6.4.8 security update", tracking: { current_release_date: "2024-12-15T18:53:10+00:00", generator: { date: "2024-12-15T18:53:10+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.3", }, }, id: "RHSA-2019:3140", initial_release_date: "2019-10-17T14:54:30+00:00", revision_history: [ { date: "2019-10-17T14:54:30+00:00", number: "1", summary: "Initial version", }, { date: "2019-10-17T14:54:30+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-15T18:53:10+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Data Virtualization 6.4.8", product: { name: "Red Hat JBoss Data Virtualization 6.4.8", product_id: "Red Hat JBoss Data Virtualization 6.4.8", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_data_virtualization:6.4", }, }, }, ], category: "product_family", name: "Red Hat JBoss Data Virtualization", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2016-5397", cwe: { id: "CWE-78", name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", }, discovery_date: "2018-02-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1544620", }, ], notes: [ { category: "description", text: "The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0.", title: "Vulnerability description", }, { category: "summary", text: "thrift: Improper file path sanitization in t_go_generator.cc:format_go_output() of the go client library can allow an attacker to inject commands", title: "Vulnerability summary", }, { category: "other", text: "libthrift is a library used by OpenDaylight which is shipped with Red Hat OpenStack. Whilst the version of the library used contains the vulnerable code it is not used by OpenDaylight and hence not exposed.\n\nJBoss fuse 6.3 ships libthrift via insight-activemq fabric-8 profile, however the vulnerable code is not used by fabric-8 so fuse 6.3 is not affected.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-5397", }, { category: "external", summary: "RHBZ#1544620", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1544620", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-5397", url: "https://www.cve.org/CVERecord?id=CVE-2016-5397", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-5397", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-5397", }, ], release_date: "2016-07-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-10-17T14:54:30+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Data Virtualization 6.4.8", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3140", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "thrift: Improper file path sanitization in t_go_generator.cc:format_go_output() of the go client library can allow an attacker to inject commands", }, { cve: "CVE-2018-1335", cwe: { id: "CWE-77", name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", }, discovery_date: "2018-04-27T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1572416", }, ], notes: [ { category: "description", text: "From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients. The mitigation is to upgrade to Tika 1.18.", title: "Vulnerability description", }, { category: "summary", text: "tika: Command injection in tika-server can allow remote attackers to execute arbitrary commands via crafted headers", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the versions of tika which is embedded in the nutch package as shipped with Red Hat Satellite 5. The tika server is not exposed, as such exploitation is difficult, Red Hat Product Security has rated this issue as having security impact of Low. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-1335", }, { category: "external", summary: "RHBZ#1572416", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1572416", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-1335", url: "https://www.cve.org/CVERecord?id=CVE-2018-1335", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-1335", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-1335", }, { category: "external", summary: "https://lists.apache.org/thread.html/b3ed4432380af767effd4c6f27665cc7b2686acccbefeb9f55851dca@%3Cdev.tika.apache.org%3E", url: "https://lists.apache.org/thread.html/b3ed4432380af767effd4c6f27665cc7b2686acccbefeb9f55851dca@%3Cdev.tika.apache.org%3E", }, ], release_date: "2018-04-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-10-17T14:54:30+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Data Virtualization 6.4.8", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3140", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tika: Command injection in tika-server can allow remote attackers to execute arbitrary commands via crafted headers", }, { acknowledgments: [ { names: [ "Chris McCown", ], }, ], cve: "CVE-2018-8088", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2018-02-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1548909", }, ], notes: [ { category: "description", text: "An XML deserialization vulnerability was discovered in slf4j's EventData, which accepts an XML serialized string and can lead to arbitrary code execution.", title: "Vulnerability description", }, { category: "summary", text: "slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution", title: "Vulnerability summary", }, { category: "other", text: "Subscription Asset Manager is now in a reduced support phase receiving only Critical impact security fixes. This issue has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates.\n\nThis issue did not affect the versions of Candlepin as shipped with Red Hat Satellite 6 as Candlepin uses slf4j-api and not the affected slf4j-ext (which is not on the Candlepin classpath).\n\nRed Hat Enterprise Virtualization Manager 4.1 is affected by this issue. Updated packages that address this issue are available through the Red Hat Enterprise Linux Server channels. Virtualization Manager hosts should be subscribed to these channels and obtain the updates via `yum update`.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-8088", }, { category: "external", summary: "RHBZ#1548909", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1548909", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-8088", url: "https://www.cve.org/CVERecord?id=CVE-2018-8088", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-8088", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-8088", }, ], release_date: "2018-02-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-10-17T14:54:30+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Data Virtualization 6.4.8", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3140", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution", }, { cve: "CVE-2018-11307", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2019-02-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1677341", }, ], notes: [ { category: "description", text: "A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using MyBatis classes when using DefaultTyping. An attacker could use this flaw to achieve content exfiltration and possibly conduct further attacks.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6 is not affected by this issue, since Candlepin's java runtime environment does not load MyBatis classes.\n\nRed Hat Virtualization 4 is not affected by this issue, since it does not include MyBatis classes.\n\nRed Hat Fuse 6 and 7 are not directly affected by this issue, as although they do ship the vulnerable jackson-databind component, they do not enable polymorphic deserialization or default typing which are required for exploitability. Their impacts have correspondingly been reduced to Moderate. Future updates may address this flaw.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-11307", }, { category: "external", summary: "RHBZ#1677341", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1677341", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-11307", url: "https://www.cve.org/CVERecord?id=CVE-2018-11307", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-11307", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-11307", }, ], release_date: "2018-05-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-10-17T14:54:30+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Data Virtualization 6.4.8", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3140", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.6, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis", }, { cve: "CVE-2018-11798", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2019-01-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1667188", }, ], notes: [ { category: "description", text: "A flaw was found in the Node.js static web server in Apache Thrift, where it allowed a remote user to access files outside of the set web servers' docroot path. An attacker could use this flaw to possibly access unauthorized files and sensitive information.", title: "Vulnerability description", }, { category: "summary", text: "thrift: Improper Access Control grants access to files outside the webservers docroot path", title: "Vulnerability summary", }, { category: "other", text: "OpenStack and OpenDaylight:\nThe Java implementation of thrift is used in OpenDaylight by parts of the vpnservice functionality. This flaw refers to the JavaScript (node.js) server for Thrift, which is not used or shipped with OpenDaylight or any other part of Red Hat OpenStack Platform.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-11798", }, { category: "external", summary: "RHBZ#1667188", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1667188", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-11798", url: "https://www.cve.org/CVERecord?id=CVE-2018-11798", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-11798", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-11798", }, ], release_date: "2018-10-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-10-17T14:54:30+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Data Virtualization 6.4.8", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3140", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "thrift: Improper Access Control grants access to files outside the webservers docroot path", }, { cve: "CVE-2018-12022", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2019-01-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1671097", }, ], notes: [ { category: "description", text: "A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using Jodd DB connection classes when using DefaultTyping. An attacker could use this flaw to achieve remote code execution under certain circumstances.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: improper polymorphic deserialization of types from Jodd-db library", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6 is not affected by this issue, since Candlepin's java runtime environment does not load Jodd classes.\n\nRed Hat Virtualization 4 is not affected by this issue, since it does not load Jodd classes.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-12022", }, { category: "external", summary: "RHBZ#1671097", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1671097", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-12022", url: "https://www.cve.org/CVERecord?id=CVE-2018-12022", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-12022", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-12022", }, ], release_date: "2018-05-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-10-17T14:54:30+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Data Virtualization 6.4.8", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3140", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jackson-databind: improper polymorphic deserialization of types from Jodd-db library", }, { cve: "CVE-2018-12023", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2019-01-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1671096", }, ], notes: [ { category: "description", text: "A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using Oracle JDBC classes when using DefaultTyping. An attacker could use this flaw to achieve remote code execution under certain circumstances.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6 is not affected by this issue, since Candlepin's java runtime environment does not load Oracle's JDBC classes.\n\nRed Hat Virtualization 4 is not affected by this issue, since it does not load Oracle's JDBC classes.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-12023", }, { category: "external", summary: "RHBZ#1671096", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1671096", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-12023", url: "https://www.cve.org/CVERecord?id=CVE-2018-12023", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-12023", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-12023", }, ], release_date: "2018-06-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-10-17T14:54:30+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Data Virtualization 6.4.8", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3140", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.6, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver", }, { cve: "CVE-2018-14718", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2019-01-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1666415", }, ], notes: [ { category: "description", text: "A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using slf4j classes. An attacker could use this flaw to execute arbitrary code.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: arbitrary code execution in slf4j-ext class", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability in jackson-databind involves exploiting CVE-2018-1088 against slf4j, which was fixed in Red Hat products through the errata referenced at https://access.redhat.com/security/cve/cve-2018-8088. Applications that link only slf4j versions including that fix are not vulnerable to this vulnerability.\n\nRed Hat Satellite 6 is not affected by this issue, since its candlepin component doesn't bundle slf4j-ext jar.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14718", }, { category: "external", summary: "RHBZ#1666415", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1666415", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14718", url: "https://www.cve.org/CVERecord?id=CVE-2018-14718", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14718", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14718", }, ], release_date: "2018-07-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-10-17T14:54:30+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Data Virtualization 6.4.8", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3140", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jackson-databind: arbitrary code execution in slf4j-ext class", }, { cve: "CVE-2018-14719", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2019-01-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1666418", }, ], notes: [ { category: "description", text: "A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using blaze classes. An attacker could use this flaw to execute arbitrary code.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes", title: "Vulnerability summary", }, { category: "other", text: "The following Red Hat products are not affected by this issue as they do not bundle or provide the requisite gadget jars to exploit this vulnerability:\nRed Hat Satellite 6\nRed Hat Enterprise Virtualization 4\nRed Hat Fuse 6, 7, and Fuse Integration Services 2\nRed Hat A-MQ 6", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14719", }, { category: "external", summary: "RHBZ#1666418", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1666418", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14719", url: "https://www.cve.org/CVERecord?id=CVE-2018-14719", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14719", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14719", }, ], release_date: "2018-07-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-10-17T14:54:30+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Data Virtualization 6.4.8", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3140", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes", }, { cve: "CVE-2018-19360", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2019-01-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1666482", }, ], notes: [ { category: "description", text: "A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using the axis2-transport-jms class. An attacker could use this flaw to execute arbitrary code.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: improper polymorphic deserialization in axis2-transport-jms class", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6 is not affected by this issue, since its candlepin component doesn't include axis2-transport-jms jar.\n\nRed Hat Virtualization 4 is not affected by this issue, since it does not include axis2-transport-jms jar.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-19360", }, { category: "external", summary: "RHBZ#1666482", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1666482", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-19360", url: "https://www.cve.org/CVERecord?id=CVE-2018-19360", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-19360", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-19360", }, ], release_date: "2018-11-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-10-17T14:54:30+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Data Virtualization 6.4.8", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3140", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jackson-databind: improper polymorphic deserialization in axis2-transport-jms class", }, { cve: "CVE-2018-19361", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2019-01-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1666484", }, ], notes: [ { category: "description", text: "A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using the OpenJPA class. An attacker could use this flaw to execute arbitrary code.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: improper polymorphic deserialization in openjpa class", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6 is not affected by this issue, since its candlepin component doesn't bundle openjpa jar.\n\nRed Hat Virtualization 4 is not affected by this issue, since its candlepin component doesn't bundle openjpa jar.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-19361", }, { category: "external", summary: "RHBZ#1666484", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1666484", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-19361", url: "https://www.cve.org/CVERecord?id=CVE-2018-19361", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-19361", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-19361", }, ], release_date: "2018-11-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-10-17T14:54:30+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Data Virtualization 6.4.8", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3140", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jackson-databind: improper polymorphic deserialization in openjpa class", }, { cve: "CVE-2018-19362", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2019-01-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1666489", }, ], notes: [ { category: "description", text: "A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using the jboss-common-core class. An attacker could use this flaw to execute arbitrary code.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: improper polymorphic deserialization in jboss-common-core class", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6 is not affected by this issue, since its candlepin component doesn't bundle jboss-common-core jar.\n\nRed Hat Virtualization 4 is not affected by this issue, since its candlepin component doesn't bundle jboss-common-core jar.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-19362", }, { category: "external", summary: "RHBZ#1666489", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1666489", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-19362", url: "https://www.cve.org/CVERecord?id=CVE-2018-19362", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-19362", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-19362", }, ], release_date: "2018-11-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-10-17T14:54:30+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Data Virtualization 6.4.8", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3140", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jackson-databind: improper polymorphic deserialization in jboss-common-core class", }, { cve: "CVE-2019-0201", cwe: { id: "CWE-732", name: "Incorrect Permission Assignment for Critical Resource", }, discovery_date: "2019-05-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1715197", }, ], notes: [ { category: "description", text: "A flaw was found in Apache ZooKeeper. A lack of permission checks while retrieving ACLs allows unsalted hash values to be disclosed for unauthenticated or unprivileged users.", title: "Vulnerability description", }, { category: "summary", text: "zookeeper: Information disclosure in Apache ZooKeeper", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-0201", }, { category: "external", summary: "RHBZ#1715197", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1715197", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-0201", url: "https://www.cve.org/CVERecord?id=CVE-2019-0201", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-0201", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-0201", }, ], release_date: "2019-05-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-10-17T14:54:30+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Data Virtualization 6.4.8", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3140", }, { category: "workaround", details: "Use an authentication method other than Digest (e.g. Kerberos) or upgrade to zookeeper 3.4.14 or later (3.5.5 or later if on the 3.5 branch). [https://zookeeper.apache.org/security.html#CVE-2019-0201]", product_ids: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "Red Hat JBoss Data Virtualization 6.4.8", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "zookeeper: Information disclosure in Apache ZooKeeper", }, ], }
rhsa-2019:3892
Vulnerability from csaf_redhat
Published
2019-11-14 21:17
Modified
2025-03-17 00:16
Summary
Red Hat Security Advisory: Red Hat Fuse 7.5.0 security update
Notes
Topic
A minor version update (from 7.4 to 7.5) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
[2020-04-17 update: descriptions for mutiple components fixed for the same CVE added]
Details
This release of Red Hat Fuse 7.5.0 serves as a replacement for Red Hat Fuse 7.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525) (CVE-2017-15095)
* jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095) (CVE-2017-17485)
* infinispan: deserialization of data in XML and JSON transcoders (CVE-2018-1131)
* hadoop: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file (CVE-2018-8009)
* jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis (CVE-2018-11307)
* jackson-databind: improper polymorphic deserialization of types from Jodd-db library (CVE-2018-12022)
* jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver (CVE-2018-12023)
* jackson-databind: arbitrary code execution in slf4j-ext class (CVE-2018-14718)
* jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes (CVE-2018-14719)
* jackson-databind: exfiltration/XXE in some JDK classes (CVE-2018-14720)
* jackson-databind: improper polymorphic deserialization in axis2-transport-jms class (CVE-2018-19360)
* jackson-databind: improper polymorphic deserialization in openjpa class (CVE-2018-19361)
* jackson-databind: improper polymorphic deserialization in jboss-common-core class (CVE-2018-19362)
* retrofit: Directory traversal in RequestBuilder allows manipulation of resources (CVE-2018-1000850)
* zookeeper: Information disclosure in Apache ZooKeeper (CVE-2019-0201)
* mesos: docker image code execution (CVE-2019-0204)
* netty: HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)
* grpc: HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)
* netty: HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)
* grpc: HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)
* netty: HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515)
* grpc: HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515)
* netty: HTTP/2: flood using empty frames results in excessive resource consumption (CVE-2019-9518)
* xstream: remote code execution due to insecure XML deserialization (regression of CVE-2013-7285) (CVE-2019-10173)
* syndesis: default CORS configuration is allow all (CVE-2019-14860)
* netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers (CVE-2019-16869)
* activemq: ActiveMQ Client Missing TLS Hostname Verification (CVE-2018-11775)
* tika: Incomplete fix allows for XML entity expansion resulting in denial of service (CVE-2018-11796)
* jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class (CVE-2018-14721)
* tomcat: Host name verification missing in WebSocket client (CVE-2018-8034)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "A minor version update (from 7.4 to 7.5) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\n[2020-04-17 update: descriptions for mutiple components fixed for the same CVE added]", title: "Topic", }, { category: "general", text: "This release of Red Hat Fuse 7.5.0 serves as a replacement for Red Hat Fuse 7.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525) (CVE-2017-15095)\n\n* jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095) (CVE-2017-17485)\n\n* infinispan: deserialization of data in XML and JSON transcoders (CVE-2018-1131)\n\n* hadoop: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file (CVE-2018-8009)\n\n* jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis (CVE-2018-11307)\n\n* jackson-databind: improper polymorphic deserialization of types from Jodd-db library (CVE-2018-12022)\n\n* jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver (CVE-2018-12023)\n\n* jackson-databind: arbitrary code execution in slf4j-ext class (CVE-2018-14718)\n\n* jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes (CVE-2018-14719)\n\n* jackson-databind: exfiltration/XXE in some JDK classes (CVE-2018-14720)\n\n* jackson-databind: improper polymorphic deserialization in axis2-transport-jms class (CVE-2018-19360)\n\n* jackson-databind: improper polymorphic deserialization in openjpa class (CVE-2018-19361)\n\n* jackson-databind: improper polymorphic deserialization in jboss-common-core class (CVE-2018-19362)\n\n* retrofit: Directory traversal in RequestBuilder allows manipulation of resources (CVE-2018-1000850)\n\n* zookeeper: Information disclosure in Apache ZooKeeper (CVE-2019-0201)\n\n* mesos: docker image code execution (CVE-2019-0204)\n\n* netty: HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)\n\n* grpc: HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)\n\n* netty: HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)\n\n* grpc: HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)\n\n* netty: HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515)\n\n* grpc: HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515)\n\n* netty: HTTP/2: flood using empty frames results in excessive resource consumption (CVE-2019-9518)\n\n* xstream: remote code execution due to insecure XML deserialization (regression of CVE-2013-7285) (CVE-2019-10173)\n\n* syndesis: default CORS configuration is allow all (CVE-2019-14860)\n\n* netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers (CVE-2019-16869)\n\n* activemq: ActiveMQ Client Missing TLS Hostname Verification (CVE-2018-11775)\n\n* tika: Incomplete fix allows for XML entity expansion resulting in denial of service (CVE-2018-11796)\n\n* jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class (CVE-2018-14721)\n\n* tomcat: Host name verification missing in WebSocket client (CVE-2018-8034)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2019:3892", url: "https://access.redhat.com/errata/RHSA-2019:3892", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.fuse&version=7.5.0", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.fuse&version=7.5.0", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", url: "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", }, { category: "external", summary: "1506612", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1506612", }, { category: "external", summary: "1528565", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1528565", }, { category: "external", summary: "1576492", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1576492", }, { category: "external", summary: "1593018", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1593018", }, { category: "external", summary: "1607580", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1607580", }, { category: "external", summary: "1629083", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1629083", }, { category: "external", summary: "1639090", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1639090", }, { category: "external", summary: "1663904", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1663904", }, { category: "external", summary: "1666415", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1666415", }, { category: "external", summary: "1666418", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1666418", }, { category: "external", summary: "1666423", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1666423", }, { category: "external", summary: "1666428", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1666428", }, { category: "external", summary: "1666482", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1666482", }, { category: "external", summary: "1666484", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1666484", }, { category: "external", summary: "1666489", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1666489", }, { category: "external", summary: "1671096", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1671096", }, { category: "external", summary: "1671097", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1671097", }, { category: "external", summary: "1677341", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1677341", }, { category: "external", summary: "1692755", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1692755", }, { category: "external", summary: "1715197", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1715197", }, { category: "external", summary: "1722971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1722971", }, { category: "external", summary: "1735645", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735645", }, { category: "external", summary: "1735744", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735744", }, { category: "external", summary: "1735745", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735745", }, { category: "external", summary: "1735749", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735749", }, { category: "external", summary: "1758619", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1758619", }, { category: "external", summary: "1761912", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1761912", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_3892.json", }, ], title: "Red Hat Security Advisory: Red Hat Fuse 7.5.0 security update", tracking: { current_release_date: "2025-03-17T00:16:36+00:00", generator: { date: "2025-03-17T00:16:36+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2019:3892", initial_release_date: "2019-11-14T21:17:38+00:00", revision_history: [ { date: "2019-11-14T21:17:38+00:00", number: "1", summary: "Initial version", }, { date: "2020-04-20T07:18:57+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-17T00:16:36+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Fuse 7.5.0", product: { name: "Red Hat Fuse 7.5.0", product_id: "Red Hat Fuse 7.5.0", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_fuse:7", }, }, }, ], category: "product_family", name: "Red Hat JBoss Fuse", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Liao Xinxi", ], organization: "NSFOCUS", }, ], cve: "CVE-2017-15095", cwe: { id: "CWE-184", name: "Incomplete List of Disallowed Inputs", }, discovery_date: "2017-10-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1506612", }, ], notes: [ { category: "description", text: "A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525)", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the versions of jackson-databind (in Satellite 6.0 and 6.1) and candlepin (which embeds a copy of jackson-databind in Satellite 6.2) as shipped with Red Hat Satellite 6.x. However the affected code is NOT used at this time:\n\nCandlepin currently uses the default type resolution configuration for the ObjectMappers it creates/uses. Nowhere in candlepin do we enable global polymorphic deserialization via enableDefaultTyping(...), therefore based on the documentation sited BZ 1462702 , candlepin should not be affected.\n\nHowever as the vulnerable software ships with the product we have marked them as vulnerable to ensure the issue is tracked.\n\nJBoss EAP 7.x only uses the vulnerable Jackson Databind library for marshalling and unmarshalling of JSON objects passed to JAX-RS webservices. Some advise about how to remain safe when using JAX-RS webservices on JBoss EAP 7.x is available here: \n\nhttps://access.redhat.com/solutions/3279231", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-15095", }, { category: "external", summary: "RHBZ#1506612", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1506612", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-15095", url: "https://www.cve.org/CVERecord?id=CVE-2017-15095", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-15095", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-15095", }, { category: "external", summary: "https://access.redhat.com/solutions/3442891", url: "https://access.redhat.com/solutions/3442891", }, ], release_date: "2017-11-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, { category: "workaround", details: "Mitigation to this problem is to not trigger polymorphic desrialization globally by using: objectMapper.enableDefaultTyping() and rather use @JsonTypeInfo on the class property to explicitly define the type information. For more information on this issue please refer to https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true", product_ids: [ "Red Hat Fuse 7.5.0", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525)", }, { acknowledgments: [ { names: [ "0c0c0f from 360观星实验室", ], }, ], cve: "CVE-2017-17485", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2017-12-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1528565", }, ], notes: [ { category: "description", text: "A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of ObjectMapper. This issue extends upon the previous flaws CVE-2017-7525 and CVE-2017-15095 by blacklisting more classes that could be used maliciously.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-17485", }, { category: "external", summary: "RHBZ#1528565", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1528565", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-17485", url: "https://www.cve.org/CVERecord?id=CVE-2017-17485", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-17485", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-17485", }, { category: "external", summary: "https://access.redhat.com/solutions/3442891", url: "https://access.redhat.com/solutions/3442891", }, ], release_date: "2017-12-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095)", }, { cve: "CVE-2018-1131", cwe: { id: "CWE-349", name: "Acceptance of Extraneous Untrusted Data With Trusted Data", }, discovery_date: "2018-05-09T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1576492", }, ], notes: [ { category: "description", text: "Infinispan permits improper deserialization of trusted data via XML and JSON transcoders under certain server configurations. A user with authenticated access to the server could send a malicious object to a cache configured to accept certain types of objects, achieving code execution and possible further attacks. Versions 9.0.3.Final, 9.1.7.Final, 8.2.10.Final, 9.2.2.Final, 9.3.0.Alpha1 are believed to be affected.", title: "Vulnerability description", }, { category: "summary", text: "infinispan: deserialization of data in XML and JSON transcoders", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-1131", }, { category: "external", summary: "RHBZ#1576492", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1576492", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-1131", url: "https://www.cve.org/CVERecord?id=CVE-2018-1131", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-1131", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-1131", }, ], release_date: "2018-05-14T14:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "infinispan: deserialization of data in XML and JSON transcoders", }, { cve: "CVE-2018-8009", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2018-06-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1593018", }, ], notes: [ { category: "description", text: "Apache Hadoop 3.1.0, 3.0.0-alpha to 3.0.2, 2.9.0 to 2.9.1, 2.8.0 to 2.8.4, 2.0.0-alpha to 2.7.6, 0.23.0 to 0.23.11 is exploitable via the zip slip vulnerability in places that accept a zip file.", title: "Vulnerability description", }, { category: "summary", text: "hadoop: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file", title: "Vulnerability summary", }, { category: "other", text: "This issue did not affect the versions of rhs-hadoop as shipped with Red Hat Gluster Storage 3. For JBoss Fuse 6.3 and 7 standalone, while they ship vulnerable artifact via camel-hbase, camel-hdfs2 (fuse 6.3) and camel-hdfs2 (fuse 7), there's no invocation on the flawed code that could lead to an unzip operation. So fuse 6.3, 7 standalone are not affected. However FIS 2.0 and Fuse 7 on OpenShift ship vulnerable artifact via maven BOM, so setting fuse as affected for this reason.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-8009", }, { category: "external", summary: "RHBZ#1593018", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1593018", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-8009", url: "https://www.cve.org/CVERecord?id=CVE-2018-8009", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-8009", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-8009", }, ], release_date: "2018-06-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "hadoop: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file", }, { cve: "CVE-2018-8034", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2018-07-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1607580", }, ], notes: [ { category: "description", text: "The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Host name verification missing in WebSocket client", title: "Vulnerability summary", }, { category: "other", text: "Tomcat 6, and Red Hat products shipping it, are not affected by this CVE. Tomcat 7, 8, and 9, as well as Red Hat Products shipping them, are affected. Affected products, including Red Hat JBoss Web Server 3 and 5, Enterprise Application Server 6, and Fuse 7, may provide fixes for this issue in a future release.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-8034", }, { category: "external", summary: "RHBZ#1607580", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1607580", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-8034", url: "https://www.cve.org/CVERecord?id=CVE-2018-8034", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-8034", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-8034", }, ], release_date: "2018-07-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat: Host name verification missing in WebSocket client", }, { cve: "CVE-2018-11307", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2019-02-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1677341", }, ], notes: [ { category: "description", text: "A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using MyBatis classes when using DefaultTyping. An attacker could use this flaw to achieve content exfiltration and possibly conduct further attacks.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6 is not affected by this issue, since Candlepin's java runtime environment does not load MyBatis classes.\n\nRed Hat Virtualization 4 is not affected by this issue, since it does not include MyBatis classes.\n\nRed Hat Fuse 6 and 7 are not directly affected by this issue, as although they do ship the vulnerable jackson-databind component, they do not enable polymorphic deserialization or default typing which are required for exploitability. Their impacts have correspondingly been reduced to Moderate. Future updates may address this flaw.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-11307", }, { category: "external", summary: "RHBZ#1677341", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1677341", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-11307", url: "https://www.cve.org/CVERecord?id=CVE-2018-11307", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-11307", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-11307", }, ], release_date: "2018-05-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.6, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis", }, { cve: "CVE-2018-11775", discovery_date: "2018-09-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1629083", }, ], notes: [ { category: "description", text: "TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client and the ActiveMQ server. This is now enabled by default.", title: "Vulnerability description", }, { category: "summary", text: "activemq: ActiveMQ Client Missing TLS Hostname Verification", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-11775", }, { category: "external", summary: "RHBZ#1629083", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1629083", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-11775", url: "https://www.cve.org/CVERecord?id=CVE-2018-11775", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-11775", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-11775", }, ], release_date: "2018-09-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "activemq: ActiveMQ Client Missing TLS Hostname Verification", }, { cve: "CVE-2018-11796", cwe: { id: "CWE-776", name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", }, discovery_date: "2018-10-10T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1639090", }, ], notes: [ { category: "description", text: "In Apache Tika 1.19 (CVE-2018-11761), we added an entity expansion limit for XML parsing. However, Tika reuses SAXParsers and calls reset() after each parse, which, for Xerces2 parsers, as per the documentation, removes the user-specified SecurityManager and thus removes entity expansion limits after the first parse. Apache Tika versions from 0.1 to 1.19 are therefore still vulnerable to entity expansions which can lead to a denial of service attack. Users should upgrade to 1.19.1 or later.", title: "Vulnerability description", }, { category: "summary", text: "tika: Incomplete fix allows for XML entity expansion resulting in denial of service", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the versions of tika which is embedded in the nutch package as shipped with Red Hat Satellite 5. The tika server is not exposed, as such exploitation is difficult, Red Hat Product Security has rated this issue as having security impact of Low. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-11796", }, { category: "external", summary: "RHBZ#1639090", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1639090", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-11796", url: "https://www.cve.org/CVERecord?id=CVE-2018-11796", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-11796", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-11796", }, { category: "external", summary: "https://lists.apache.org/thread.html/88de8350cda9b184888ec294c813c5bd8a2081de8fd3666f8904bc05@%3Cdev.tika.apache.org%3E", url: "https://lists.apache.org/thread.html/88de8350cda9b184888ec294c813c5bd8a2081de8fd3666f8904bc05@%3Cdev.tika.apache.org%3E", }, ], release_date: "2018-10-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "tika: Incomplete fix allows for XML entity expansion resulting in denial of service", }, { cve: "CVE-2018-12022", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2019-01-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1671097", }, ], notes: [ { category: "description", text: "A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using Jodd DB connection classes when using DefaultTyping. An attacker could use this flaw to achieve remote code execution under certain circumstances.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: improper polymorphic deserialization of types from Jodd-db library", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6 is not affected by this issue, since Candlepin's java runtime environment does not load Jodd classes.\n\nRed Hat Virtualization 4 is not affected by this issue, since it does not load Jodd classes.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-12022", }, { category: "external", summary: "RHBZ#1671097", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1671097", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-12022", url: "https://www.cve.org/CVERecord?id=CVE-2018-12022", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-12022", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-12022", }, ], release_date: "2018-05-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jackson-databind: improper polymorphic deserialization of types from Jodd-db library", }, { cve: "CVE-2018-12023", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2019-01-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1671096", }, ], notes: [ { category: "description", text: "A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using Oracle JDBC classes when using DefaultTyping. An attacker could use this flaw to achieve remote code execution under certain circumstances.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6 is not affected by this issue, since Candlepin's java runtime environment does not load Oracle's JDBC classes.\n\nRed Hat Virtualization 4 is not affected by this issue, since it does not load Oracle's JDBC classes.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-12023", }, { category: "external", summary: "RHBZ#1671096", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1671096", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-12023", url: "https://www.cve.org/CVERecord?id=CVE-2018-12023", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-12023", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-12023", }, ], release_date: "2018-06-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.6, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver", }, { cve: "CVE-2018-14718", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2019-01-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1666415", }, ], notes: [ { category: "description", text: "A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using slf4j classes. An attacker could use this flaw to execute arbitrary code.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: arbitrary code execution in slf4j-ext class", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability in jackson-databind involves exploiting CVE-2018-1088 against slf4j, which was fixed in Red Hat products through the errata referenced at https://access.redhat.com/security/cve/cve-2018-8088. Applications that link only slf4j versions including that fix are not vulnerable to this vulnerability.\n\nRed Hat Satellite 6 is not affected by this issue, since its candlepin component doesn't bundle slf4j-ext jar.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14718", }, { category: "external", summary: "RHBZ#1666415", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1666415", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14718", url: "https://www.cve.org/CVERecord?id=CVE-2018-14718", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14718", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14718", }, ], release_date: "2018-07-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jackson-databind: arbitrary code execution in slf4j-ext class", }, { cve: "CVE-2018-14719", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2019-01-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1666418", }, ], notes: [ { category: "description", text: "A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using blaze classes. An attacker could use this flaw to execute arbitrary code.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes", title: "Vulnerability summary", }, { category: "other", text: "The following Red Hat products are not affected by this issue as they do not bundle or provide the requisite gadget jars to exploit this vulnerability:\nRed Hat Satellite 6\nRed Hat Enterprise Virtualization 4\nRed Hat Fuse 6, 7, and Fuse Integration Services 2\nRed Hat A-MQ 6", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14719", }, { category: "external", summary: "RHBZ#1666418", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1666418", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14719", url: "https://www.cve.org/CVERecord?id=CVE-2018-14719", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14719", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14719", }, ], release_date: "2018-07-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes", }, { cve: "CVE-2018-14720", cwe: { id: "CWE-611", name: "Improper Restriction of XML External Entity Reference", }, discovery_date: "2019-01-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1666423", }, ], notes: [ { category: "description", text: "FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: exfiltration/XXE in some JDK classes", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6 is not affected by this issue, since its only supported Java runtime (openJDK) doesn't bundle the com.sun.deploy.security.ruleset.DRSHelper class.\n\nRed Hat Enterprise Virtualization 4 is not affected by this issue, since its only supported Java runtime (openJDK) doesn't bundle the com.sun.deploy.security.ruleset.DRSHelper class.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14720", }, { category: "external", summary: "RHBZ#1666423", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1666423", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14720", url: "https://www.cve.org/CVERecord?id=CVE-2018-14720", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14720", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14720", }, ], release_date: "2018-07-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, { category: "workaround", details: "The following conditions are needed for an exploit, we recommend avoiding all if possible \n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`", product_ids: [ "Red Hat Fuse 7.5.0", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: exfiltration/XXE in some JDK classes", }, { cve: "CVE-2018-14721", cwe: { id: "CWE-352", name: "Cross-Site Request Forgery (CSRF)", }, discovery_date: "2019-01-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1666428", }, ], notes: [ { category: "description", text: "FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6 is not affected by this issue, since its candlepin component doesn't bundle axis2-jaxws jar.\n\nRed Hat Virtualization is not affected by this issue, since its does not bundle axis2-jaxws jar.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14721", }, { category: "external", summary: "RHBZ#1666428", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1666428", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14721", url: "https://www.cve.org/CVERecord?id=CVE-2018-14721", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14721", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14721", }, ], release_date: "2018-07-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class", }, { cve: "CVE-2018-19360", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2019-01-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1666482", }, ], notes: [ { category: "description", text: "A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using the axis2-transport-jms class. An attacker could use this flaw to execute arbitrary code.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: improper polymorphic deserialization in axis2-transport-jms class", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6 is not affected by this issue, since its candlepin component doesn't include axis2-transport-jms jar.\n\nRed Hat Virtualization 4 is not affected by this issue, since it does not include axis2-transport-jms jar.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-19360", }, { category: "external", summary: "RHBZ#1666482", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1666482", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-19360", url: "https://www.cve.org/CVERecord?id=CVE-2018-19360", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-19360", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-19360", }, ], release_date: "2018-11-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jackson-databind: improper polymorphic deserialization in axis2-transport-jms class", }, { cve: "CVE-2018-19361", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2019-01-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1666484", }, ], notes: [ { category: "description", text: "A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using the OpenJPA class. An attacker could use this flaw to execute arbitrary code.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: improper polymorphic deserialization in openjpa class", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6 is not affected by this issue, since its candlepin component doesn't bundle openjpa jar.\n\nRed Hat Virtualization 4 is not affected by this issue, since its candlepin component doesn't bundle openjpa jar.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-19361", }, { category: "external", summary: "RHBZ#1666484", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1666484", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-19361", url: "https://www.cve.org/CVERecord?id=CVE-2018-19361", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-19361", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-19361", }, ], release_date: "2018-11-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jackson-databind: improper polymorphic deserialization in openjpa class", }, { cve: "CVE-2018-19362", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2019-01-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1666489", }, ], notes: [ { category: "description", text: "A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using the jboss-common-core class. An attacker could use this flaw to execute arbitrary code.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: improper polymorphic deserialization in jboss-common-core class", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6 is not affected by this issue, since its candlepin component doesn't bundle jboss-common-core jar.\n\nRed Hat Virtualization 4 is not affected by this issue, since its candlepin component doesn't bundle jboss-common-core jar.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-19362", }, { category: "external", summary: "RHBZ#1666489", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1666489", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-19362", url: "https://www.cve.org/CVERecord?id=CVE-2018-19362", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-19362", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-19362", }, ], release_date: "2018-11-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jackson-databind: improper polymorphic deserialization in jboss-common-core class", }, { cve: "CVE-2018-1000850", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2018-12-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1663904", }, ], notes: [ { category: "description", text: "A flaw was found in Retrofit, where it allowed directory traversal via its RequestBuilder class. An attacker could use this flaw to access information or commands outside of its set permissions.", title: "Vulnerability description", }, { category: "summary", text: "retrofit: Directory traversal in RequestBuilder allows manipulation of resources", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-1000850", }, { category: "external", summary: "RHBZ#1663904", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1663904", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-1000850", url: "https://www.cve.org/CVERecord?id=CVE-2018-1000850", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-1000850", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-1000850", }, ], release_date: "2018-10-21T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "retrofit: Directory traversal in RequestBuilder allows manipulation of resources", }, { cve: "CVE-2019-0201", cwe: { id: "CWE-732", name: "Incorrect Permission Assignment for Critical Resource", }, discovery_date: "2019-05-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1715197", }, ], notes: [ { category: "description", text: "A flaw was found in Apache ZooKeeper. A lack of permission checks while retrieving ACLs allows unsalted hash values to be disclosed for unauthenticated or unprivileged users.", title: "Vulnerability description", }, { category: "summary", text: "zookeeper: Information disclosure in Apache ZooKeeper", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-0201", }, { category: "external", summary: "RHBZ#1715197", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1715197", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-0201", url: "https://www.cve.org/CVERecord?id=CVE-2019-0201", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-0201", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-0201", }, ], release_date: "2019-05-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, { category: "workaround", details: "Use an authentication method other than Digest (e.g. Kerberos) or upgrade to zookeeper 3.4.14 or later (3.5.5 or later if on the 3.5 branch). [https://zookeeper.apache.org/security.html#CVE-2019-0201]", product_ids: [ "Red Hat Fuse 7.5.0", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "zookeeper: Information disclosure in Apache ZooKeeper", }, { cve: "CVE-2019-0204", cwe: { id: "CWE-250", name: "Execution with Unnecessary Privileges", }, discovery_date: "2019-03-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1692755", }, ], notes: [ { category: "description", text: "A flaw was found in Docker image running under root user, where it is possible to overwrite the init helper binary of the container runtime or the command executor in Apache Mesos. A malicious user could use this flaw to gain root-level code execution on the host.", title: "Vulnerability description", }, { category: "summary", text: "mesos: docker image code execution", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-0204", }, { category: "external", summary: "RHBZ#1692755", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1692755", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-0204", url: "https://www.cve.org/CVERecord?id=CVE-2019-0204", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-0204", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-0204", }, ], release_date: "2019-03-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "mesos: docker image code execution", }, { acknowledgments: [ { names: [ "the Envoy security team", ], }, ], cve: "CVE-2019-9512", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2019-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1735645", }, ], notes: [ { category: "description", text: "A flaw was found in HTTP/2. Using PING frames and queuing of response PING ACK frames, a flood attack could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability.", title: "Vulnerability description", }, { category: "summary", text: "HTTP/2: flood using PING frames results in unbounded memory growth", title: "Vulnerability summary", }, { category: "other", text: "The golang package in Red Hat OpenStack Platform 9 Operational Tools will not be updated for this flaw because it is in technical preview and is retiring as of 24.Aug.2019.\nThis issue did not affect the versions of grafana(embeds golang) as shipped with Red Hat Ceph Storage 2 and Red Hat Gluster Storage 3 as they did not include the support for HTTP/2.\nThe following storage product versions are affected because they include the support for HTTP/2 in:\n* golang as shipped with Red Hat Gluster Storage 3, Red Hat Ceph Storage 2 and Red Hat Ceph Storage 3\n* heketi(embeds golang) as shipped with Red Hat Gluster Storage 3\n* grafana(embeds golang and grpc) as shipped with Red Hat Ceph Storage 3\nThis flaw has no available mitigation for packages golang and nodejs. Both packages will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.\n\nAll OpenShift Container Platform RPMs and container images that are built with Go and support HTTP/2 are vulnerable to this flaw.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-9512", }, { category: "external", summary: "RHBZ#1735645", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735645", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-9512", url: "https://www.cve.org/CVERecord?id=CVE-2019-9512", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-9512", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-9512", }, { category: "external", summary: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", url: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", }, { category: "external", summary: "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg", url: "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg", }, { category: "external", summary: "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA", url: "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA", }, { category: "external", summary: "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", url: "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", }, { category: "external", summary: "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html", url: "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html", }, ], release_date: "2019-08-13T17:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "HTTP/2: flood using PING frames results in unbounded memory growth", }, { acknowledgments: [ { names: [ "the Envoy security team", ], }, ], cve: "CVE-2019-9514", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2019-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1735744", }, ], notes: [ { category: "description", text: "A flaw was found in HTTP/2. Using HEADER frames with invalid HTTP headers and queuing of response RST_STREAM frames, an attacker could cause a flood resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability.", title: "Vulnerability description", }, { category: "summary", text: "HTTP/2: flood using HEADERS frames results in unbounded memory growth", title: "Vulnerability summary", }, { category: "other", text: "The golang package in Red Hat OpenStack Platform 9 Operational Tools will not be updated for this flaw because it is in technical preview and is retiring as of 24.Aug.2019.\nThis issue did not affect the versions of grafana(embeds golang) as shipped with Red Hat Ceph Storage 2 and Red Hat Gluster Storage 3 as they did not include the support for HTTP/2.\nThe following storage product versions are affected because they include the support for HTTP/2 in:\n* golang as shipped with Red Hat Gluster Storage 3, Red Hat Ceph Storage 2 and Red Hat Ceph Storage 3\n* heketi(embeds golang) as shipped with Red Hat Gluster Storage 3\n* grafana(embeds golang and grpc) as shipped with Red Hat Ceph Storage 3\nThis flaw has no available mitigation for packages golang and nodejs. Both packages will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.\n\nAll OpenShift Container Platform RPMs and container images that are built with Go and support HTTP/2 are vulnerable to this flaw.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-9514", }, { category: "external", summary: "RHBZ#1735744", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735744", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-9514", url: "https://www.cve.org/CVERecord?id=CVE-2019-9514", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-9514", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-9514", }, { category: "external", summary: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", url: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", }, { category: "external", summary: "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg", url: "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg", }, { category: "external", summary: "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA", url: "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA", }, { category: "external", summary: "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", url: "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", }, { category: "external", summary: "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html", url: "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html", }, ], release_date: "2019-08-13T17:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "HTTP/2: flood using HEADERS frames results in unbounded memory growth", }, { acknowledgments: [ { names: [ "the Envoy security team", ], }, ], cve: "CVE-2019-9515", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2019-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1735745", }, ], notes: [ { category: "description", text: "A flaw was found in HTTP/2. Using SETTINGS frames and queuing of SETTINGS ACK frames, a flood could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability.", title: "Vulnerability description", }, { category: "summary", text: "HTTP/2: flood using SETTINGS frames results in unbounded memory growth", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the version of grafana(embeds gRPC) as shipped with Red Hat Ceph Storage 3 as it include the support for HTTP/2.\nThis flaw has no available mitigation for nodejs package. It will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-9515", }, { category: "external", summary: "RHBZ#1735745", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735745", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-9515", url: "https://www.cve.org/CVERecord?id=CVE-2019-9515", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-9515", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-9515", }, { category: "external", summary: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", url: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", }, { category: "external", summary: "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", url: "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", }, { category: "external", summary: "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html", url: "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html", }, ], release_date: "2019-08-13T17:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "HTTP/2: flood using SETTINGS frames results in unbounded memory growth", }, { acknowledgments: [ { names: [ "the Envoy security team", ], }, ], cve: "CVE-2019-9518", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2019-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1735749", }, ], notes: [ { category: "description", text: "A flaw was found in HTTP/2. Using frames with an empty payload, a flood could occur that results in excessive CPU usage and starvation of other clients. The highest threat from this vulnerability is to system availability.", title: "Vulnerability description", }, { category: "summary", text: "HTTP/2: flood using empty frames results in excessive resource consumption", title: "Vulnerability summary", }, { category: "other", text: "This flaw has no available mitigation for nodejs package. It will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-9518", }, { category: "external", summary: "RHBZ#1735749", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735749", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-9518", url: "https://www.cve.org/CVERecord?id=CVE-2019-9518", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-9518", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-9518", }, { category: "external", summary: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", url: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", }, { category: "external", summary: "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", url: "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", }, ], release_date: "2019-08-13T17:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "HTTP/2: flood using empty frames results in excessive resource consumption", }, { cve: "CVE-2019-10173", cwe: { id: "CWE-94", name: "Improper Control of Generation of Code ('Code Injection')", }, discovery_date: "2019-06-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1722971", }, ], notes: [ { category: "description", text: "It was found that xstream API version 1.4.10 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshalling XML or any supported format. This a regression of CVE-2013-7285 fixed in 1.4.7 (fixed) as of BPMS 6.0.1, the regression was introduced with xstream-1.4.10 implemented in RHPAM.", title: "Vulnerability description", }, { category: "summary", text: "xstream: remote code execution due to insecure XML deserialization (regression of CVE-2013-7285)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-10173", }, { category: "external", summary: "RHBZ#1722971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1722971", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-10173", url: "https://www.cve.org/CVERecord?id=CVE-2019-10173", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-10173", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-10173", }, { category: "external", summary: "http://x-stream.github.io/changes.html#1.4.11", url: "http://x-stream.github.io/changes.html#1.4.11", }, ], release_date: "2018-10-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "xstream: remote code execution due to insecure XML deserialization (regression of CVE-2013-7285)", }, { acknowledgments: [ { names: [ "Jeremy Choi", ], organization: "Red Hat", summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2019-14860", cwe: { id: "CWE-942", name: "Permissive Cross-domain Policy with Untrusted Domains", }, discovery_date: "2019-10-09T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1761912", }, ], notes: [ { category: "description", text: "It was found that the Syndesis configuration for Cross-Origin Resource Sharing was set to allow all origins. An attacker could use this lack of protection to conduct phishing attacks and further access unauthorized information.", title: "Vulnerability description", }, { category: "summary", text: "syndesis: default CORS configuration is allow all", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-14860", }, { category: "external", summary: "RHBZ#1761912", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1761912", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-14860", url: "https://www.cve.org/CVERecord?id=CVE-2019-14860", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-14860", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-14860", }, ], release_date: "2019-10-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "syndesis: default CORS configuration is allow all", }, { cve: "CVE-2019-16869", cwe: { id: "CWE-444", name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", }, discovery_date: "2019-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1758619", }, ], notes: [ { category: "description", text: "A flaw was found in Netty, where whitespace before the colon in HTTP headers is mishandled. This flaw allows an attacker to cause HTTP request smuggling.", title: "Vulnerability description", }, { category: "summary", text: "netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers", title: "Vulnerability summary", }, { category: "other", text: "OpenShift Container Platform ships a vulnerable netty library as part of the logging-elasticsearch5 container. ElasticSearch's security team has stated that this vulnerability does not poses a substantial practical threat to ElasticSearch 6 [1]. We agree that this issue would be difficult to exploit these vulnerabilities on OpenShift Container Platform, so we're reducing the impact of this issue to moderate and may fix it in the future release.\n\nRed Hat Satellite ships vulnerable netty version embedded in Candlepin, however, is not directly vulnerable since HTTP requests are handled by Tomcat and not netty.\n\n[1] https://github.com/elastic/elasticsearch/issues/49396", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-16869", }, { category: "external", summary: "RHBZ#1758619", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1758619", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-16869", url: "https://www.cve.org/CVERecord?id=CVE-2019-16869", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-16869", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-16869", }, ], release_date: "2019-09-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, { category: "workaround", details: "* Use HTTP/2 instead (clear boundaries between requests)\n* Disable reuse of backend connections eg. ```http-reuse never``` in HAProxy or whatever equivalent LB settings", product_ids: [ "Red Hat Fuse 7.5.0", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers", }, ], }
RHSA-2019:4352
Vulnerability from csaf_redhat
Published
2019-12-19 17:37
Modified
2025-03-15 19:45
Summary
Red Hat Security Advisory: Red Hat JBoss Fuse/A-MQ 6.3 R14 security and bug fix update
Notes
Topic
An update is now available for Red Hat JBoss Fuse 6.3 and Red Hat JBoss A-MQ 6.3.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Fuse provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat A-MQ is a standards compliant messaging system that is tailored for use in mission critical applications.
This patch is an update to Red Hat Fuse 6.3 and Red Hat A-MQ 6.3. It includes bug fixes, which are documented in the patch notes accompanying the package on the download page. See the download link given in the references section below.
Security fix(es):
* zookeeper: Information disclosure in Apache ZooKeeper (CVE-2019-0201)
* HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)
* HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)
* HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515)
* HTTP/2: flood using empty frames results in excessive resource consumption (CVE-2019-9518)
* xstream: remote code execution due to insecure XML deserialization (CVE-2019-10173)
* jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution (CVE-2019-12384)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update is now available for Red Hat JBoss Fuse 6.3 and Red Hat JBoss A-MQ 6.3.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat Fuse provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat A-MQ is a standards compliant messaging system that is tailored for use in mission critical applications.\n\nThis patch is an update to Red Hat Fuse 6.3 and Red Hat A-MQ 6.3. It includes bug fixes, which are documented in the patch notes accompanying the package on the download page. See the download link given in the references section below.\n\nSecurity fix(es):\n\n* zookeeper: Information disclosure in Apache ZooKeeper (CVE-2019-0201)\n\n* HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)\n\n* HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)\n\n* HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515) \n\n* HTTP/2: flood using empty frames results in excessive resource consumption (CVE-2019-9518)\n\n* xstream: remote code execution due to insecure XML deserialization (CVE-2019-10173)\n\n* jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution (CVE-2019-12384)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2019:4352", url: "https://access.redhat.com/errata/RHSA-2019:4352", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.amq.broker&downloadType=securityPatches&version=6.3.0", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.amq.broker&downloadType=securityPatches&version=6.3.0", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse&downloadType=securityPatches&version=6.3", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse&downloadType=securityPatches&version=6.3", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_fuse/6.3/html/release_notes/index", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_fuse/6.3/html/release_notes/index", }, { category: "external", summary: "1715197", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1715197", }, { category: "external", summary: "1722971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1722971", }, { category: "external", summary: "1725807", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1725807", }, { category: "external", summary: "1735645", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735645", }, { category: "external", summary: "1735744", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735744", }, { category: "external", summary: "1735745", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735745", }, { category: "external", summary: "1735749", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735749", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_4352.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Fuse/A-MQ 6.3 R14 security and bug fix update", tracking: { current_release_date: "2025-03-15T19:45:06+00:00", generator: { date: "2025-03-15T19:45:06+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2019:4352", initial_release_date: "2019-12-19T17:37:50+00:00", revision_history: [ { date: "2019-12-19T17:37:50+00:00", number: "1", summary: "Initial version", }, { date: "2019-12-19T17:37:50+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-15T19:45:06+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Fuse 6.3", product: { name: "Red Hat Fuse 6.3", product_id: "Red Hat Fuse 6.3", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_fuse:6.3", }, }, }, ], category: "product_family", name: "Red Hat JBoss Fuse", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2019-0201", cwe: { id: "CWE-732", name: "Incorrect Permission Assignment for Critical Resource", }, discovery_date: "2019-05-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1715197", }, ], notes: [ { category: "description", text: "A flaw was found in Apache ZooKeeper. A lack of permission checks while retrieving ACLs allows unsalted hash values to be disclosed for unauthenticated or unprivileged users.", title: "Vulnerability description", }, { category: "summary", text: "zookeeper: Information disclosure in Apache ZooKeeper", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-0201", }, { category: "external", summary: "RHBZ#1715197", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1715197", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-0201", url: "https://www.cve.org/CVERecord?id=CVE-2019-0201", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-0201", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-0201", }, ], release_date: "2019-05-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-12-19T17:37:50+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are located in the download section of the customer portal.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat Fuse 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:4352", }, { category: "workaround", details: "Use an authentication method other than Digest (e.g. Kerberos) or upgrade to zookeeper 3.4.14 or later (3.5.5 or later if on the 3.5 branch). [https://zookeeper.apache.org/security.html#CVE-2019-0201]", product_ids: [ "Red Hat Fuse 6.3", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "Red Hat Fuse 6.3", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "zookeeper: Information disclosure in Apache ZooKeeper", }, { acknowledgments: [ { names: [ "the Envoy security team", ], }, ], cve: "CVE-2019-9512", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2019-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1735645", }, ], notes: [ { category: "description", text: "A flaw was found in HTTP/2. Using PING frames and queuing of response PING ACK frames, a flood attack could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability.", title: "Vulnerability description", }, { category: "summary", text: "HTTP/2: flood using PING frames results in unbounded memory growth", title: "Vulnerability summary", }, { category: "other", text: "The golang package in Red Hat OpenStack Platform 9 Operational Tools will not be updated for this flaw because it is in technical preview and is retiring as of 24.Aug.2019.\nThis issue did not affect the versions of grafana(embeds golang) as shipped with Red Hat Ceph Storage 2 and Red Hat Gluster Storage 3 as they did not include the support for HTTP/2.\nThe following storage product versions are affected because they include the support for HTTP/2 in:\n* golang as shipped with Red Hat Gluster Storage 3, Red Hat Ceph Storage 2 and Red Hat Ceph Storage 3\n* heketi(embeds golang) as shipped with Red Hat Gluster Storage 3\n* grafana(embeds golang and grpc) as shipped with Red Hat Ceph Storage 3\nThis flaw has no available mitigation for packages golang and nodejs. Both packages will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.\n\nAll OpenShift Container Platform RPMs and container images that are built with Go and support HTTP/2 are vulnerable to this flaw.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-9512", }, { category: "external", summary: "RHBZ#1735645", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735645", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-9512", url: "https://www.cve.org/CVERecord?id=CVE-2019-9512", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-9512", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-9512", }, { category: "external", summary: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", url: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", }, { category: "external", summary: "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg", url: "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg", }, { category: "external", summary: "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA", url: "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA", }, { category: "external", summary: "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", url: "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", }, { category: "external", summary: "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html", url: "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html", }, ], release_date: "2019-08-13T17:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-12-19T17:37:50+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are located in the download section of the customer portal.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat Fuse 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:4352", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "Red Hat Fuse 6.3", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "HTTP/2: flood using PING frames results in unbounded memory growth", }, { acknowledgments: [ { names: [ "the Envoy security team", ], }, ], cve: "CVE-2019-9514", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2019-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1735744", }, ], notes: [ { category: "description", text: "A flaw was found in HTTP/2. Using HEADER frames with invalid HTTP headers and queuing of response RST_STREAM frames, an attacker could cause a flood resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability.", title: "Vulnerability description", }, { category: "summary", text: "HTTP/2: flood using HEADERS frames results in unbounded memory growth", title: "Vulnerability summary", }, { category: "other", text: "The golang package in Red Hat OpenStack Platform 9 Operational Tools will not be updated for this flaw because it is in technical preview and is retiring as of 24.Aug.2019.\nThis issue did not affect the versions of grafana(embeds golang) as shipped with Red Hat Ceph Storage 2 and Red Hat Gluster Storage 3 as they did not include the support for HTTP/2.\nThe following storage product versions are affected because they include the support for HTTP/2 in:\n* golang as shipped with Red Hat Gluster Storage 3, Red Hat Ceph Storage 2 and Red Hat Ceph Storage 3\n* heketi(embeds golang) as shipped with Red Hat Gluster Storage 3\n* grafana(embeds golang and grpc) as shipped with Red Hat Ceph Storage 3\nThis flaw has no available mitigation for packages golang and nodejs. Both packages will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.\n\nAll OpenShift Container Platform RPMs and container images that are built with Go and support HTTP/2 are vulnerable to this flaw.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-9514", }, { category: "external", summary: "RHBZ#1735744", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735744", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-9514", url: "https://www.cve.org/CVERecord?id=CVE-2019-9514", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-9514", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-9514", }, { category: "external", summary: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", url: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", }, { category: "external", summary: "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg", url: "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg", }, { category: "external", summary: "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA", url: "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA", }, { category: "external", summary: "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", url: "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", }, { category: "external", summary: "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html", url: "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html", }, ], release_date: "2019-08-13T17:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-12-19T17:37:50+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are located in the download section of the customer portal.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat Fuse 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:4352", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "Red Hat Fuse 6.3", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "HTTP/2: flood using HEADERS frames results in unbounded memory growth", }, { acknowledgments: [ { names: [ "the Envoy security team", ], }, ], cve: "CVE-2019-9515", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2019-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1735745", }, ], notes: [ { category: "description", text: "A flaw was found in HTTP/2. Using SETTINGS frames and queuing of SETTINGS ACK frames, a flood could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability.", title: "Vulnerability description", }, { category: "summary", text: "HTTP/2: flood using SETTINGS frames results in unbounded memory growth", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the version of grafana(embeds gRPC) as shipped with Red Hat Ceph Storage 3 as it include the support for HTTP/2.\nThis flaw has no available mitigation for nodejs package. It will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-9515", }, { category: "external", summary: "RHBZ#1735745", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735745", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-9515", url: "https://www.cve.org/CVERecord?id=CVE-2019-9515", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-9515", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-9515", }, { category: "external", summary: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", url: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", }, { category: "external", summary: "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", url: "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", }, { category: "external", summary: "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html", url: "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html", }, ], release_date: "2019-08-13T17:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-12-19T17:37:50+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are located in the download section of the customer portal.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat Fuse 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:4352", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "Red Hat Fuse 6.3", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "HTTP/2: flood using SETTINGS frames results in unbounded memory growth", }, { acknowledgments: [ { names: [ "the Envoy security team", ], }, ], cve: "CVE-2019-9518", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2019-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1735749", }, ], notes: [ { category: "description", text: "A flaw was found in HTTP/2. Using frames with an empty payload, a flood could occur that results in excessive CPU usage and starvation of other clients. The highest threat from this vulnerability is to system availability.", title: "Vulnerability description", }, { category: "summary", text: "HTTP/2: flood using empty frames results in excessive resource consumption", title: "Vulnerability summary", }, { category: "other", text: "This flaw has no available mitigation for nodejs package. It will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-9518", }, { category: "external", summary: "RHBZ#1735749", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735749", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-9518", url: "https://www.cve.org/CVERecord?id=CVE-2019-9518", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-9518", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-9518", }, { category: "external", summary: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", url: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", }, { category: "external", summary: "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", url: "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", }, ], release_date: "2019-08-13T17:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-12-19T17:37:50+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are located in the download section of the customer portal.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat Fuse 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:4352", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "Red Hat Fuse 6.3", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "HTTP/2: flood using empty frames results in excessive resource consumption", }, { cve: "CVE-2019-10173", cwe: { id: "CWE-94", name: "Improper Control of Generation of Code ('Code Injection')", }, discovery_date: "2019-06-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1722971", }, ], notes: [ { category: "description", text: "It was found that xstream API version 1.4.10 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshalling XML or any supported format. This a regression of CVE-2013-7285 fixed in 1.4.7 (fixed) as of BPMS 6.0.1, the regression was introduced with xstream-1.4.10 implemented in RHPAM.", title: "Vulnerability description", }, { category: "summary", text: "xstream: remote code execution due to insecure XML deserialization (regression of CVE-2013-7285)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-10173", }, { category: "external", summary: "RHBZ#1722971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1722971", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-10173", url: "https://www.cve.org/CVERecord?id=CVE-2019-10173", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-10173", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-10173", }, { category: "external", summary: "http://x-stream.github.io/changes.html#1.4.11", url: "http://x-stream.github.io/changes.html#1.4.11", }, ], release_date: "2018-10-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-12-19T17:37:50+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are located in the download section of the customer portal.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat Fuse 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:4352", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "Red Hat Fuse 6.3", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "xstream: remote code execution due to insecure XML deserialization (regression of CVE-2013-7285)", }, { cve: "CVE-2019-12384", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2019-06-25T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1725807", }, ], notes: [ { category: "description", text: "A flaw was discovered in FasterXML jackson-databind in versions prior to 2.9.9. The vulnerability would permit polymorphic deserialization of malicious objects using the logback-core gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. Depending on the classpath content, remote code execution may be possible.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution", title: "Vulnerability summary", }, { category: "other", text: "Red Hat OpenStack's OpenDaylight does not use logback in any supported configuration. Therefore, the prerequisites for this vulnerability are not present and OpenDaylight is not affected.\n\nThis vulnerability relies on logback-core (ch.qos.logback.core) being present in the application's ClassPath. Logback-core is not packaged as an RPM for Red Hat Enterprise Linux or Red Hat Software Collections. Applications using jackson-databind that do not also use logback-core are not impacted by this vulnerability.\n\nThis issue affects the versions of jackson-databind bundled with candlepin as shipped with Red Hat Satellite 6.x. However the affected code is NOT used at this time.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-12384", }, { category: "external", summary: "RHBZ#1725807", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1725807", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-12384", url: "https://www.cve.org/CVERecord?id=CVE-2019-12384", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-12384", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-12384", }, ], release_date: "2019-06-21T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-12-19T17:37:50+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are located in the download section of the customer portal.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat Fuse 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:4352", }, { category: "workaround", details: "The following conditions are needed for an exploit, we recommend avoiding all if possible:\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`", product_ids: [ "Red Hat Fuse 6.3", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "Red Hat Fuse 6.3", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution", }, ], }
RHSA-2019:3892
Vulnerability from csaf_redhat
Published
2019-11-14 21:17
Modified
2025-03-17 00:16
Summary
Red Hat Security Advisory: Red Hat Fuse 7.5.0 security update
Notes
Topic
A minor version update (from 7.4 to 7.5) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
[2020-04-17 update: descriptions for mutiple components fixed for the same CVE added]
Details
This release of Red Hat Fuse 7.5.0 serves as a replacement for Red Hat Fuse 7.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525) (CVE-2017-15095)
* jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095) (CVE-2017-17485)
* infinispan: deserialization of data in XML and JSON transcoders (CVE-2018-1131)
* hadoop: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file (CVE-2018-8009)
* jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis (CVE-2018-11307)
* jackson-databind: improper polymorphic deserialization of types from Jodd-db library (CVE-2018-12022)
* jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver (CVE-2018-12023)
* jackson-databind: arbitrary code execution in slf4j-ext class (CVE-2018-14718)
* jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes (CVE-2018-14719)
* jackson-databind: exfiltration/XXE in some JDK classes (CVE-2018-14720)
* jackson-databind: improper polymorphic deserialization in axis2-transport-jms class (CVE-2018-19360)
* jackson-databind: improper polymorphic deserialization in openjpa class (CVE-2018-19361)
* jackson-databind: improper polymorphic deserialization in jboss-common-core class (CVE-2018-19362)
* retrofit: Directory traversal in RequestBuilder allows manipulation of resources (CVE-2018-1000850)
* zookeeper: Information disclosure in Apache ZooKeeper (CVE-2019-0201)
* mesos: docker image code execution (CVE-2019-0204)
* netty: HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)
* grpc: HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)
* netty: HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)
* grpc: HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)
* netty: HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515)
* grpc: HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515)
* netty: HTTP/2: flood using empty frames results in excessive resource consumption (CVE-2019-9518)
* xstream: remote code execution due to insecure XML deserialization (regression of CVE-2013-7285) (CVE-2019-10173)
* syndesis: default CORS configuration is allow all (CVE-2019-14860)
* netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers (CVE-2019-16869)
* activemq: ActiveMQ Client Missing TLS Hostname Verification (CVE-2018-11775)
* tika: Incomplete fix allows for XML entity expansion resulting in denial of service (CVE-2018-11796)
* jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class (CVE-2018-14721)
* tomcat: Host name verification missing in WebSocket client (CVE-2018-8034)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "A minor version update (from 7.4 to 7.5) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\n[2020-04-17 update: descriptions for mutiple components fixed for the same CVE added]", title: "Topic", }, { category: "general", text: "This release of Red Hat Fuse 7.5.0 serves as a replacement for Red Hat Fuse 7.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525) (CVE-2017-15095)\n\n* jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095) (CVE-2017-17485)\n\n* infinispan: deserialization of data in XML and JSON transcoders (CVE-2018-1131)\n\n* hadoop: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file (CVE-2018-8009)\n\n* jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis (CVE-2018-11307)\n\n* jackson-databind: improper polymorphic deserialization of types from Jodd-db library (CVE-2018-12022)\n\n* jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver (CVE-2018-12023)\n\n* jackson-databind: arbitrary code execution in slf4j-ext class (CVE-2018-14718)\n\n* jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes (CVE-2018-14719)\n\n* jackson-databind: exfiltration/XXE in some JDK classes (CVE-2018-14720)\n\n* jackson-databind: improper polymorphic deserialization in axis2-transport-jms class (CVE-2018-19360)\n\n* jackson-databind: improper polymorphic deserialization in openjpa class (CVE-2018-19361)\n\n* jackson-databind: improper polymorphic deserialization in jboss-common-core class (CVE-2018-19362)\n\n* retrofit: Directory traversal in RequestBuilder allows manipulation of resources (CVE-2018-1000850)\n\n* zookeeper: Information disclosure in Apache ZooKeeper (CVE-2019-0201)\n\n* mesos: docker image code execution (CVE-2019-0204)\n\n* netty: HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)\n\n* grpc: HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)\n\n* netty: HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)\n\n* grpc: HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)\n\n* netty: HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515)\n\n* grpc: HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515)\n\n* netty: HTTP/2: flood using empty frames results in excessive resource consumption (CVE-2019-9518)\n\n* xstream: remote code execution due to insecure XML deserialization (regression of CVE-2013-7285) (CVE-2019-10173)\n\n* syndesis: default CORS configuration is allow all (CVE-2019-14860)\n\n* netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers (CVE-2019-16869)\n\n* activemq: ActiveMQ Client Missing TLS Hostname Verification (CVE-2018-11775)\n\n* tika: Incomplete fix allows for XML entity expansion resulting in denial of service (CVE-2018-11796)\n\n* jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class (CVE-2018-14721)\n\n* tomcat: Host name verification missing in WebSocket client (CVE-2018-8034)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2019:3892", url: "https://access.redhat.com/errata/RHSA-2019:3892", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.fuse&version=7.5.0", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.fuse&version=7.5.0", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", url: "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", }, { category: "external", summary: "1506612", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1506612", }, { category: "external", summary: "1528565", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1528565", }, { category: "external", summary: "1576492", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1576492", }, { category: "external", summary: "1593018", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1593018", }, { category: "external", summary: "1607580", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1607580", }, { category: "external", summary: "1629083", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1629083", }, { category: "external", summary: "1639090", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1639090", }, { category: "external", summary: "1663904", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1663904", }, { category: "external", summary: "1666415", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1666415", }, { category: "external", summary: "1666418", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1666418", }, { category: "external", summary: "1666423", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1666423", }, { category: "external", summary: "1666428", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1666428", }, { category: "external", summary: "1666482", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1666482", }, { category: "external", summary: "1666484", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1666484", }, { category: "external", summary: "1666489", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1666489", }, { category: "external", summary: "1671096", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1671096", }, { category: "external", summary: "1671097", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1671097", }, { category: "external", summary: "1677341", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1677341", }, { category: "external", summary: "1692755", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1692755", }, { category: "external", summary: "1715197", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1715197", }, { category: "external", summary: "1722971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1722971", }, { category: "external", summary: "1735645", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735645", }, { category: "external", summary: "1735744", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735744", }, { category: "external", summary: "1735745", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735745", }, { category: "external", summary: "1735749", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735749", }, { category: "external", summary: "1758619", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1758619", }, { category: "external", summary: "1761912", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1761912", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_3892.json", }, ], title: "Red Hat Security Advisory: Red Hat Fuse 7.5.0 security update", tracking: { current_release_date: "2025-03-17T00:16:36+00:00", generator: { date: "2025-03-17T00:16:36+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2019:3892", initial_release_date: "2019-11-14T21:17:38+00:00", revision_history: [ { date: "2019-11-14T21:17:38+00:00", number: "1", summary: "Initial version", }, { date: "2020-04-20T07:18:57+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-17T00:16:36+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Fuse 7.5.0", product: { name: "Red Hat Fuse 7.5.0", product_id: "Red Hat Fuse 7.5.0", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_fuse:7", }, }, }, ], category: "product_family", name: "Red Hat JBoss Fuse", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Liao Xinxi", ], organization: "NSFOCUS", }, ], cve: "CVE-2017-15095", cwe: { id: "CWE-184", name: "Incomplete List of Disallowed Inputs", }, discovery_date: "2017-10-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1506612", }, ], notes: [ { category: "description", text: "A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525)", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the versions of jackson-databind (in Satellite 6.0 and 6.1) and candlepin (which embeds a copy of jackson-databind in Satellite 6.2) as shipped with Red Hat Satellite 6.x. However the affected code is NOT used at this time:\n\nCandlepin currently uses the default type resolution configuration for the ObjectMappers it creates/uses. Nowhere in candlepin do we enable global polymorphic deserialization via enableDefaultTyping(...), therefore based on the documentation sited BZ 1462702 , candlepin should not be affected.\n\nHowever as the vulnerable software ships with the product we have marked them as vulnerable to ensure the issue is tracked.\n\nJBoss EAP 7.x only uses the vulnerable Jackson Databind library for marshalling and unmarshalling of JSON objects passed to JAX-RS webservices. Some advise about how to remain safe when using JAX-RS webservices on JBoss EAP 7.x is available here: \n\nhttps://access.redhat.com/solutions/3279231", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-15095", }, { category: "external", summary: "RHBZ#1506612", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1506612", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-15095", url: "https://www.cve.org/CVERecord?id=CVE-2017-15095", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-15095", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-15095", }, { category: "external", summary: "https://access.redhat.com/solutions/3442891", url: "https://access.redhat.com/solutions/3442891", }, ], release_date: "2017-11-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, { category: "workaround", details: "Mitigation to this problem is to not trigger polymorphic desrialization globally by using: objectMapper.enableDefaultTyping() and rather use @JsonTypeInfo on the class property to explicitly define the type information. For more information on this issue please refer to https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true", product_ids: [ "Red Hat Fuse 7.5.0", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525)", }, { acknowledgments: [ { names: [ "0c0c0f from 360观星实验室", ], }, ], cve: "CVE-2017-17485", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2017-12-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1528565", }, ], notes: [ { category: "description", text: "A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of ObjectMapper. This issue extends upon the previous flaws CVE-2017-7525 and CVE-2017-15095 by blacklisting more classes that could be used maliciously.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-17485", }, { category: "external", summary: "RHBZ#1528565", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1528565", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-17485", url: "https://www.cve.org/CVERecord?id=CVE-2017-17485", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-17485", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-17485", }, { category: "external", summary: "https://access.redhat.com/solutions/3442891", url: "https://access.redhat.com/solutions/3442891", }, ], release_date: "2017-12-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095)", }, { cve: "CVE-2018-1131", cwe: { id: "CWE-349", name: "Acceptance of Extraneous Untrusted Data With Trusted Data", }, discovery_date: "2018-05-09T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1576492", }, ], notes: [ { category: "description", text: "Infinispan permits improper deserialization of trusted data via XML and JSON transcoders under certain server configurations. A user with authenticated access to the server could send a malicious object to a cache configured to accept certain types of objects, achieving code execution and possible further attacks. Versions 9.0.3.Final, 9.1.7.Final, 8.2.10.Final, 9.2.2.Final, 9.3.0.Alpha1 are believed to be affected.", title: "Vulnerability description", }, { category: "summary", text: "infinispan: deserialization of data in XML and JSON transcoders", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-1131", }, { category: "external", summary: "RHBZ#1576492", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1576492", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-1131", url: "https://www.cve.org/CVERecord?id=CVE-2018-1131", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-1131", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-1131", }, ], release_date: "2018-05-14T14:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "infinispan: deserialization of data in XML and JSON transcoders", }, { cve: "CVE-2018-8009", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2018-06-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1593018", }, ], notes: [ { category: "description", text: "Apache Hadoop 3.1.0, 3.0.0-alpha to 3.0.2, 2.9.0 to 2.9.1, 2.8.0 to 2.8.4, 2.0.0-alpha to 2.7.6, 0.23.0 to 0.23.11 is exploitable via the zip slip vulnerability in places that accept a zip file.", title: "Vulnerability description", }, { category: "summary", text: "hadoop: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file", title: "Vulnerability summary", }, { category: "other", text: "This issue did not affect the versions of rhs-hadoop as shipped with Red Hat Gluster Storage 3. For JBoss Fuse 6.3 and 7 standalone, while they ship vulnerable artifact via camel-hbase, camel-hdfs2 (fuse 6.3) and camel-hdfs2 (fuse 7), there's no invocation on the flawed code that could lead to an unzip operation. So fuse 6.3, 7 standalone are not affected. However FIS 2.0 and Fuse 7 on OpenShift ship vulnerable artifact via maven BOM, so setting fuse as affected for this reason.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-8009", }, { category: "external", summary: "RHBZ#1593018", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1593018", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-8009", url: "https://www.cve.org/CVERecord?id=CVE-2018-8009", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-8009", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-8009", }, ], release_date: "2018-06-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "hadoop: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file", }, { cve: "CVE-2018-8034", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2018-07-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1607580", }, ], notes: [ { category: "description", text: "The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Host name verification missing in WebSocket client", title: "Vulnerability summary", }, { category: "other", text: "Tomcat 6, and Red Hat products shipping it, are not affected by this CVE. Tomcat 7, 8, and 9, as well as Red Hat Products shipping them, are affected. Affected products, including Red Hat JBoss Web Server 3 and 5, Enterprise Application Server 6, and Fuse 7, may provide fixes for this issue in a future release.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-8034", }, { category: "external", summary: "RHBZ#1607580", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1607580", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-8034", url: "https://www.cve.org/CVERecord?id=CVE-2018-8034", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-8034", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-8034", }, ], release_date: "2018-07-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat: Host name verification missing in WebSocket client", }, { cve: "CVE-2018-11307", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2019-02-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1677341", }, ], notes: [ { category: "description", text: "A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using MyBatis classes when using DefaultTyping. An attacker could use this flaw to achieve content exfiltration and possibly conduct further attacks.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6 is not affected by this issue, since Candlepin's java runtime environment does not load MyBatis classes.\n\nRed Hat Virtualization 4 is not affected by this issue, since it does not include MyBatis classes.\n\nRed Hat Fuse 6 and 7 are not directly affected by this issue, as although they do ship the vulnerable jackson-databind component, they do not enable polymorphic deserialization or default typing which are required for exploitability. Their impacts have correspondingly been reduced to Moderate. Future updates may address this flaw.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-11307", }, { category: "external", summary: "RHBZ#1677341", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1677341", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-11307", url: "https://www.cve.org/CVERecord?id=CVE-2018-11307", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-11307", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-11307", }, ], release_date: "2018-05-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.6, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis", }, { cve: "CVE-2018-11775", discovery_date: "2018-09-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1629083", }, ], notes: [ { category: "description", text: "TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client and the ActiveMQ server. This is now enabled by default.", title: "Vulnerability description", }, { category: "summary", text: "activemq: ActiveMQ Client Missing TLS Hostname Verification", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-11775", }, { category: "external", summary: "RHBZ#1629083", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1629083", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-11775", url: "https://www.cve.org/CVERecord?id=CVE-2018-11775", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-11775", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-11775", }, ], release_date: "2018-09-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "activemq: ActiveMQ Client Missing TLS Hostname Verification", }, { cve: "CVE-2018-11796", cwe: { id: "CWE-776", name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", }, discovery_date: "2018-10-10T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1639090", }, ], notes: [ { category: "description", text: "In Apache Tika 1.19 (CVE-2018-11761), we added an entity expansion limit for XML parsing. However, Tika reuses SAXParsers and calls reset() after each parse, which, for Xerces2 parsers, as per the documentation, removes the user-specified SecurityManager and thus removes entity expansion limits after the first parse. Apache Tika versions from 0.1 to 1.19 are therefore still vulnerable to entity expansions which can lead to a denial of service attack. Users should upgrade to 1.19.1 or later.", title: "Vulnerability description", }, { category: "summary", text: "tika: Incomplete fix allows for XML entity expansion resulting in denial of service", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the versions of tika which is embedded in the nutch package as shipped with Red Hat Satellite 5. The tika server is not exposed, as such exploitation is difficult, Red Hat Product Security has rated this issue as having security impact of Low. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-11796", }, { category: "external", summary: "RHBZ#1639090", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1639090", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-11796", url: "https://www.cve.org/CVERecord?id=CVE-2018-11796", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-11796", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-11796", }, { category: "external", summary: "https://lists.apache.org/thread.html/88de8350cda9b184888ec294c813c5bd8a2081de8fd3666f8904bc05@%3Cdev.tika.apache.org%3E", url: "https://lists.apache.org/thread.html/88de8350cda9b184888ec294c813c5bd8a2081de8fd3666f8904bc05@%3Cdev.tika.apache.org%3E", }, ], release_date: "2018-10-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "tika: Incomplete fix allows for XML entity expansion resulting in denial of service", }, { cve: "CVE-2018-12022", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2019-01-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1671097", }, ], notes: [ { category: "description", text: "A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using Jodd DB connection classes when using DefaultTyping. An attacker could use this flaw to achieve remote code execution under certain circumstances.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: improper polymorphic deserialization of types from Jodd-db library", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6 is not affected by this issue, since Candlepin's java runtime environment does not load Jodd classes.\n\nRed Hat Virtualization 4 is not affected by this issue, since it does not load Jodd classes.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-12022", }, { category: "external", summary: "RHBZ#1671097", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1671097", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-12022", url: "https://www.cve.org/CVERecord?id=CVE-2018-12022", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-12022", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-12022", }, ], release_date: "2018-05-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jackson-databind: improper polymorphic deserialization of types from Jodd-db library", }, { cve: "CVE-2018-12023", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2019-01-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1671096", }, ], notes: [ { category: "description", text: "A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using Oracle JDBC classes when using DefaultTyping. An attacker could use this flaw to achieve remote code execution under certain circumstances.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6 is not affected by this issue, since Candlepin's java runtime environment does not load Oracle's JDBC classes.\n\nRed Hat Virtualization 4 is not affected by this issue, since it does not load Oracle's JDBC classes.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-12023", }, { category: "external", summary: "RHBZ#1671096", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1671096", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-12023", url: "https://www.cve.org/CVERecord?id=CVE-2018-12023", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-12023", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-12023", }, ], release_date: "2018-06-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.6, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver", }, { cve: "CVE-2018-14718", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2019-01-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1666415", }, ], notes: [ { category: "description", text: "A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using slf4j classes. An attacker could use this flaw to execute arbitrary code.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: arbitrary code execution in slf4j-ext class", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability in jackson-databind involves exploiting CVE-2018-1088 against slf4j, which was fixed in Red Hat products through the errata referenced at https://access.redhat.com/security/cve/cve-2018-8088. Applications that link only slf4j versions including that fix are not vulnerable to this vulnerability.\n\nRed Hat Satellite 6 is not affected by this issue, since its candlepin component doesn't bundle slf4j-ext jar.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14718", }, { category: "external", summary: "RHBZ#1666415", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1666415", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14718", url: "https://www.cve.org/CVERecord?id=CVE-2018-14718", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14718", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14718", }, ], release_date: "2018-07-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jackson-databind: arbitrary code execution in slf4j-ext class", }, { cve: "CVE-2018-14719", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2019-01-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1666418", }, ], notes: [ { category: "description", text: "A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using blaze classes. An attacker could use this flaw to execute arbitrary code.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes", title: "Vulnerability summary", }, { category: "other", text: "The following Red Hat products are not affected by this issue as they do not bundle or provide the requisite gadget jars to exploit this vulnerability:\nRed Hat Satellite 6\nRed Hat Enterprise Virtualization 4\nRed Hat Fuse 6, 7, and Fuse Integration Services 2\nRed Hat A-MQ 6", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14719", }, { category: "external", summary: "RHBZ#1666418", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1666418", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14719", url: "https://www.cve.org/CVERecord?id=CVE-2018-14719", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14719", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14719", }, ], release_date: "2018-07-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes", }, { cve: "CVE-2018-14720", cwe: { id: "CWE-611", name: "Improper Restriction of XML External Entity Reference", }, discovery_date: "2019-01-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1666423", }, ], notes: [ { category: "description", text: "FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: exfiltration/XXE in some JDK classes", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6 is not affected by this issue, since its only supported Java runtime (openJDK) doesn't bundle the com.sun.deploy.security.ruleset.DRSHelper class.\n\nRed Hat Enterprise Virtualization 4 is not affected by this issue, since its only supported Java runtime (openJDK) doesn't bundle the com.sun.deploy.security.ruleset.DRSHelper class.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14720", }, { category: "external", summary: "RHBZ#1666423", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1666423", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14720", url: "https://www.cve.org/CVERecord?id=CVE-2018-14720", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14720", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14720", }, ], release_date: "2018-07-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, { category: "workaround", details: "The following conditions are needed for an exploit, we recommend avoiding all if possible \n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`", product_ids: [ "Red Hat Fuse 7.5.0", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: exfiltration/XXE in some JDK classes", }, { cve: "CVE-2018-14721", cwe: { id: "CWE-352", name: "Cross-Site Request Forgery (CSRF)", }, discovery_date: "2019-01-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1666428", }, ], notes: [ { category: "description", text: "FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6 is not affected by this issue, since its candlepin component doesn't bundle axis2-jaxws jar.\n\nRed Hat Virtualization is not affected by this issue, since its does not bundle axis2-jaxws jar.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14721", }, { category: "external", summary: "RHBZ#1666428", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1666428", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14721", url: "https://www.cve.org/CVERecord?id=CVE-2018-14721", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14721", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14721", }, ], release_date: "2018-07-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class", }, { cve: "CVE-2018-19360", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2019-01-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1666482", }, ], notes: [ { category: "description", text: "A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using the axis2-transport-jms class. An attacker could use this flaw to execute arbitrary code.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: improper polymorphic deserialization in axis2-transport-jms class", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6 is not affected by this issue, since its candlepin component doesn't include axis2-transport-jms jar.\n\nRed Hat Virtualization 4 is not affected by this issue, since it does not include axis2-transport-jms jar.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-19360", }, { category: "external", summary: "RHBZ#1666482", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1666482", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-19360", url: "https://www.cve.org/CVERecord?id=CVE-2018-19360", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-19360", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-19360", }, ], release_date: "2018-11-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jackson-databind: improper polymorphic deserialization in axis2-transport-jms class", }, { cve: "CVE-2018-19361", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2019-01-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1666484", }, ], notes: [ { category: "description", text: "A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using the OpenJPA class. An attacker could use this flaw to execute arbitrary code.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: improper polymorphic deserialization in openjpa class", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6 is not affected by this issue, since its candlepin component doesn't bundle openjpa jar.\n\nRed Hat Virtualization 4 is not affected by this issue, since its candlepin component doesn't bundle openjpa jar.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-19361", }, { category: "external", summary: "RHBZ#1666484", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1666484", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-19361", url: "https://www.cve.org/CVERecord?id=CVE-2018-19361", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-19361", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-19361", }, ], release_date: "2018-11-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jackson-databind: improper polymorphic deserialization in openjpa class", }, { cve: "CVE-2018-19362", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2019-01-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1666489", }, ], notes: [ { category: "description", text: "A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using the jboss-common-core class. An attacker could use this flaw to execute arbitrary code.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: improper polymorphic deserialization in jboss-common-core class", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6 is not affected by this issue, since its candlepin component doesn't bundle jboss-common-core jar.\n\nRed Hat Virtualization 4 is not affected by this issue, since its candlepin component doesn't bundle jboss-common-core jar.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-19362", }, { category: "external", summary: "RHBZ#1666489", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1666489", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-19362", url: "https://www.cve.org/CVERecord?id=CVE-2018-19362", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-19362", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-19362", }, ], release_date: "2018-11-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jackson-databind: improper polymorphic deserialization in jboss-common-core class", }, { cve: "CVE-2018-1000850", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2018-12-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1663904", }, ], notes: [ { category: "description", text: "A flaw was found in Retrofit, where it allowed directory traversal via its RequestBuilder class. An attacker could use this flaw to access information or commands outside of its set permissions.", title: "Vulnerability description", }, { category: "summary", text: "retrofit: Directory traversal in RequestBuilder allows manipulation of resources", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-1000850", }, { category: "external", summary: "RHBZ#1663904", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1663904", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-1000850", url: "https://www.cve.org/CVERecord?id=CVE-2018-1000850", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-1000850", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-1000850", }, ], release_date: "2018-10-21T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "retrofit: Directory traversal in RequestBuilder allows manipulation of resources", }, { cve: "CVE-2019-0201", cwe: { id: "CWE-732", name: "Incorrect Permission Assignment for Critical Resource", }, discovery_date: "2019-05-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1715197", }, ], notes: [ { category: "description", text: "A flaw was found in Apache ZooKeeper. A lack of permission checks while retrieving ACLs allows unsalted hash values to be disclosed for unauthenticated or unprivileged users.", title: "Vulnerability description", }, { category: "summary", text: "zookeeper: Information disclosure in Apache ZooKeeper", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-0201", }, { category: "external", summary: "RHBZ#1715197", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1715197", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-0201", url: "https://www.cve.org/CVERecord?id=CVE-2019-0201", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-0201", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-0201", }, ], release_date: "2019-05-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, { category: "workaround", details: "Use an authentication method other than Digest (e.g. Kerberos) or upgrade to zookeeper 3.4.14 or later (3.5.5 or later if on the 3.5 branch). [https://zookeeper.apache.org/security.html#CVE-2019-0201]", product_ids: [ "Red Hat Fuse 7.5.0", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "zookeeper: Information disclosure in Apache ZooKeeper", }, { cve: "CVE-2019-0204", cwe: { id: "CWE-250", name: "Execution with Unnecessary Privileges", }, discovery_date: "2019-03-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1692755", }, ], notes: [ { category: "description", text: "A flaw was found in Docker image running under root user, where it is possible to overwrite the init helper binary of the container runtime or the command executor in Apache Mesos. A malicious user could use this flaw to gain root-level code execution on the host.", title: "Vulnerability description", }, { category: "summary", text: "mesos: docker image code execution", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-0204", }, { category: "external", summary: "RHBZ#1692755", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1692755", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-0204", url: "https://www.cve.org/CVERecord?id=CVE-2019-0204", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-0204", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-0204", }, ], release_date: "2019-03-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "mesos: docker image code execution", }, { acknowledgments: [ { names: [ "the Envoy security team", ], }, ], cve: "CVE-2019-9512", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2019-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1735645", }, ], notes: [ { category: "description", text: "A flaw was found in HTTP/2. Using PING frames and queuing of response PING ACK frames, a flood attack could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability.", title: "Vulnerability description", }, { category: "summary", text: "HTTP/2: flood using PING frames results in unbounded memory growth", title: "Vulnerability summary", }, { category: "other", text: "The golang package in Red Hat OpenStack Platform 9 Operational Tools will not be updated for this flaw because it is in technical preview and is retiring as of 24.Aug.2019.\nThis issue did not affect the versions of grafana(embeds golang) as shipped with Red Hat Ceph Storage 2 and Red Hat Gluster Storage 3 as they did not include the support for HTTP/2.\nThe following storage product versions are affected because they include the support for HTTP/2 in:\n* golang as shipped with Red Hat Gluster Storage 3, Red Hat Ceph Storage 2 and Red Hat Ceph Storage 3\n* heketi(embeds golang) as shipped with Red Hat Gluster Storage 3\n* grafana(embeds golang and grpc) as shipped with Red Hat Ceph Storage 3\nThis flaw has no available mitigation for packages golang and nodejs. Both packages will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.\n\nAll OpenShift Container Platform RPMs and container images that are built with Go and support HTTP/2 are vulnerable to this flaw.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-9512", }, { category: "external", summary: "RHBZ#1735645", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735645", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-9512", url: "https://www.cve.org/CVERecord?id=CVE-2019-9512", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-9512", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-9512", }, { category: "external", summary: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", url: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", }, { category: "external", summary: "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg", url: "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg", }, { category: "external", summary: "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA", url: "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA", }, { category: "external", summary: "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", url: "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", }, { category: "external", summary: "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html", url: "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html", }, ], release_date: "2019-08-13T17:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "HTTP/2: flood using PING frames results in unbounded memory growth", }, { acknowledgments: [ { names: [ "the Envoy security team", ], }, ], cve: "CVE-2019-9514", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2019-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1735744", }, ], notes: [ { category: "description", text: "A flaw was found in HTTP/2. Using HEADER frames with invalid HTTP headers and queuing of response RST_STREAM frames, an attacker could cause a flood resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability.", title: "Vulnerability description", }, { category: "summary", text: "HTTP/2: flood using HEADERS frames results in unbounded memory growth", title: "Vulnerability summary", }, { category: "other", text: "The golang package in Red Hat OpenStack Platform 9 Operational Tools will not be updated for this flaw because it is in technical preview and is retiring as of 24.Aug.2019.\nThis issue did not affect the versions of grafana(embeds golang) as shipped with Red Hat Ceph Storage 2 and Red Hat Gluster Storage 3 as they did not include the support for HTTP/2.\nThe following storage product versions are affected because they include the support for HTTP/2 in:\n* golang as shipped with Red Hat Gluster Storage 3, Red Hat Ceph Storage 2 and Red Hat Ceph Storage 3\n* heketi(embeds golang) as shipped with Red Hat Gluster Storage 3\n* grafana(embeds golang and grpc) as shipped with Red Hat Ceph Storage 3\nThis flaw has no available mitigation for packages golang and nodejs. Both packages will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.\n\nAll OpenShift Container Platform RPMs and container images that are built with Go and support HTTP/2 are vulnerable to this flaw.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-9514", }, { category: "external", summary: "RHBZ#1735744", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735744", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-9514", url: "https://www.cve.org/CVERecord?id=CVE-2019-9514", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-9514", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-9514", }, { category: "external", summary: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", url: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", }, { category: "external", summary: "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg", url: "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg", }, { category: "external", summary: "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA", url: "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA", }, { category: "external", summary: "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", url: "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", }, { category: "external", summary: "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html", url: "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html", }, ], release_date: "2019-08-13T17:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "HTTP/2: flood using HEADERS frames results in unbounded memory growth", }, { acknowledgments: [ { names: [ "the Envoy security team", ], }, ], cve: "CVE-2019-9515", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2019-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1735745", }, ], notes: [ { category: "description", text: "A flaw was found in HTTP/2. Using SETTINGS frames and queuing of SETTINGS ACK frames, a flood could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability.", title: "Vulnerability description", }, { category: "summary", text: "HTTP/2: flood using SETTINGS frames results in unbounded memory growth", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the version of grafana(embeds gRPC) as shipped with Red Hat Ceph Storage 3 as it include the support for HTTP/2.\nThis flaw has no available mitigation for nodejs package. It will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-9515", }, { category: "external", summary: "RHBZ#1735745", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735745", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-9515", url: "https://www.cve.org/CVERecord?id=CVE-2019-9515", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-9515", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-9515", }, { category: "external", summary: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", url: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", }, { category: "external", summary: "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", url: "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", }, { category: "external", summary: "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html", url: "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html", }, ], release_date: "2019-08-13T17:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "HTTP/2: flood using SETTINGS frames results in unbounded memory growth", }, { acknowledgments: [ { names: [ "the Envoy security team", ], }, ], cve: "CVE-2019-9518", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2019-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1735749", }, ], notes: [ { category: "description", text: "A flaw was found in HTTP/2. Using frames with an empty payload, a flood could occur that results in excessive CPU usage and starvation of other clients. The highest threat from this vulnerability is to system availability.", title: "Vulnerability description", }, { category: "summary", text: "HTTP/2: flood using empty frames results in excessive resource consumption", title: "Vulnerability summary", }, { category: "other", text: "This flaw has no available mitigation for nodejs package. It will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-9518", }, { category: "external", summary: "RHBZ#1735749", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735749", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-9518", url: "https://www.cve.org/CVERecord?id=CVE-2019-9518", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-9518", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-9518", }, { category: "external", summary: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", url: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", }, { category: "external", summary: "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", url: "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", }, ], release_date: "2019-08-13T17:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "HTTP/2: flood using empty frames results in excessive resource consumption", }, { cve: "CVE-2019-10173", cwe: { id: "CWE-94", name: "Improper Control of Generation of Code ('Code Injection')", }, discovery_date: "2019-06-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1722971", }, ], notes: [ { category: "description", text: "It was found that xstream API version 1.4.10 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshalling XML or any supported format. This a regression of CVE-2013-7285 fixed in 1.4.7 (fixed) as of BPMS 6.0.1, the regression was introduced with xstream-1.4.10 implemented in RHPAM.", title: "Vulnerability description", }, { category: "summary", text: "xstream: remote code execution due to insecure XML deserialization (regression of CVE-2013-7285)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-10173", }, { category: "external", summary: "RHBZ#1722971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1722971", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-10173", url: "https://www.cve.org/CVERecord?id=CVE-2019-10173", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-10173", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-10173", }, { category: "external", summary: "http://x-stream.github.io/changes.html#1.4.11", url: "http://x-stream.github.io/changes.html#1.4.11", }, ], release_date: "2018-10-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "xstream: remote code execution due to insecure XML deserialization (regression of CVE-2013-7285)", }, { acknowledgments: [ { names: [ "Jeremy Choi", ], organization: "Red Hat", summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2019-14860", cwe: { id: "CWE-942", name: "Permissive Cross-domain Policy with Untrusted Domains", }, discovery_date: "2019-10-09T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1761912", }, ], notes: [ { category: "description", text: "It was found that the Syndesis configuration for Cross-Origin Resource Sharing was set to allow all origins. An attacker could use this lack of protection to conduct phishing attacks and further access unauthorized information.", title: "Vulnerability description", }, { category: "summary", text: "syndesis: default CORS configuration is allow all", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-14860", }, { category: "external", summary: "RHBZ#1761912", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1761912", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-14860", url: "https://www.cve.org/CVERecord?id=CVE-2019-14860", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-14860", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-14860", }, ], release_date: "2019-10-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "syndesis: default CORS configuration is allow all", }, { cve: "CVE-2019-16869", cwe: { id: "CWE-444", name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", }, discovery_date: "2019-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1758619", }, ], notes: [ { category: "description", text: "A flaw was found in Netty, where whitespace before the colon in HTTP headers is mishandled. This flaw allows an attacker to cause HTTP request smuggling.", title: "Vulnerability description", }, { category: "summary", text: "netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers", title: "Vulnerability summary", }, { category: "other", text: "OpenShift Container Platform ships a vulnerable netty library as part of the logging-elasticsearch5 container. ElasticSearch's security team has stated that this vulnerability does not poses a substantial practical threat to ElasticSearch 6 [1]. We agree that this issue would be difficult to exploit these vulnerabilities on OpenShift Container Platform, so we're reducing the impact of this issue to moderate and may fix it in the future release.\n\nRed Hat Satellite ships vulnerable netty version embedded in Candlepin, however, is not directly vulnerable since HTTP requests are handled by Tomcat and not netty.\n\n[1] https://github.com/elastic/elasticsearch/issues/49396", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.5.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-16869", }, { category: "external", summary: "RHBZ#1758619", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1758619", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-16869", url: "https://www.cve.org/CVERecord?id=CVE-2019-16869", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-16869", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-16869", }, ], release_date: "2019-09-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-14T21:17:38+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.5.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/", product_ids: [ "Red Hat Fuse 7.5.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:3892", }, { category: "workaround", details: "* Use HTTP/2 instead (clear boundaries between requests)\n* Disable reuse of backend connections eg. ```http-reuse never``` in HAProxy or whatever equivalent LB settings", product_ids: [ "Red Hat Fuse 7.5.0", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.0", }, products: [ "Red Hat Fuse 7.5.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers", }, ], }
ghsa-2hw2-62cp-p9p7
Vulnerability from github
Published
2019-05-29 18:54
Modified
2021-07-27 20:54
Severity ?
Summary
Access control bypass in Apache ZooKeeper
Details
An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper?s getACL() command doesn?t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. DigestAuthenticationProvider overloads the Id field with the hash value that is used for user authentication. As a consequence, if Digest Authentication is in use, the unsalted hash value will be disclosed by getACL() request for unauthenticated or unprivileged users.
{ affected: [ { package: { ecosystem: "Maven", name: "org.apache.zookeeper:zookeeper", }, ranges: [ { events: [ { introduced: "1.0.0", }, { fixed: "3.4.14", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "Maven", name: "org.apache.zookeeper:zookeeper", }, ranges: [ { events: [ { introduced: "3.5.0", }, { fixed: "3.5.5", }, ], type: "ECOSYSTEM", }, ], }, ], aliases: [ "CVE-2019-0201", ], database_specific: { cwe_ids: [ "CWE-862", ], github_reviewed: true, github_reviewed_at: "2019-05-29T18:53:55Z", nvd_published_at: "2019-05-23T14:29:00Z", severity: "MODERATE", }, details: "An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper?s getACL() command doesn?t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. DigestAuthenticationProvider overloads the Id field with the hash value that is used for user authentication. As a consequence, if Digest Authentication is in use, the unsalted hash value will be disclosed by getACL() request for unauthenticated or unprivileged users.", id: "GHSA-2hw2-62cp-p9p7", modified: "2021-07-27T20:54:44Z", published: "2019-05-29T18:54:11Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-0201", }, { type: "WEB", url: "https://zookeeper.apache.org/security.html#CVE-2019-0201", }, { type: "WEB", url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { type: "WEB", url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { type: "WEB", url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { type: "WEB", url: "https://www.debian.org/security/2019/dsa-4461", }, { type: "WEB", url: "https://security.netapp.com/advisory/ntap-20190619-0001", }, { type: "WEB", url: "https://seclists.org/bugtraq/2019/Jun/13", }, { type: "WEB", url: "https://lists.debian.org/debian-lts-announce/2019/05/msg00033.html", }, { type: "WEB", url: "https://lists.apache.org/thread.html/r40f32125c1d97ad82404cc918171d9e0fcf78e534256674e9da1eb4b@%3Ccommon-issues.hadoop.apache.org%3E", }, { type: "WEB", url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E", }, { type: "WEB", url: "https://lists.apache.org/thread.html/f6112882e30a31992a79e0a8c31ac179e9d0de7c708de3a9258d4391@%3Cissues.bookkeeper.apache.org%3E", }, { type: "WEB", url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E", }, { type: "WEB", url: "https://lists.apache.org/thread.html/5d9a1cf41a5880557bf680b7321b4ab9a4d206c601ffb15fef6f196a@%3Ccommits.accumulo.apache.org%3E", }, { type: "WEB", url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", }, { type: "WEB", url: "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E", }, { type: "WEB", url: "https://issues.apache.org/jira/browse/ZOOKEEPER-1392", }, { type: "WEB", url: "https://access.redhat.com/errata/RHSA-2019:4352", }, { type: "WEB", url: "https://access.redhat.com/errata/RHSA-2019:3892", }, { type: "WEB", url: "https://access.redhat.com/errata/RHSA-2019:3140", }, { type: "WEB", url: "http://www.securityfocus.com/bid/108427", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", type: "CVSS_V3", }, ], summary: "Access control bypass in Apache ZooKeeper", }
gsd-2019-0201
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper’s getACL() command doesn’t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. DigestAuthenticationProvider overloads the Id field with the hash value that is used for user authentication. As a consequence, if Digest Authentication is in use, the unsalted hash value will be disclosed by getACL() request for unauthenticated or unprivileged users.
Aliases
Aliases
{ GSD: { alias: "CVE-2019-0201", description: "An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper’s getACL() command doesn’t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. DigestAuthenticationProvider overloads the Id field with the hash value that is used for user authentication. As a consequence, if Digest Authentication is in use, the unsalted hash value will be disclosed by getACL() request for unauthenticated or unprivileged users.", id: "GSD-2019-0201", references: [ "https://www.suse.com/security/cve/CVE-2019-0201.html", "https://www.debian.org/security/2019/dsa-4461", "https://access.redhat.com/errata/RHSA-2019:4352", "https://access.redhat.com/errata/RHSA-2019:3892", "https://access.redhat.com/errata/RHSA-2019:3140", ], }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2019-0201", ], details: "An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper’s getACL() command doesn’t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. DigestAuthenticationProvider overloads the Id field with the hash value that is used for user authentication. As a consequence, if Digest Authentication is in use, the unsalted hash value will be disclosed by getACL() request for unauthenticated or unprivileged users.", id: "GSD-2019-0201", modified: "2023-12-13T01:23:39.988214Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2019-0201", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache ZooKeeper", version: { version_data: [ { version_value: "1.0.0 to 3.4.13", }, { version_value: "3.5.0-alpha to 3.5.4-beta", }, ], }, }, ], }, vendor_name: "Apache Software Foundation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper’s getACL() command doesn’t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. DigestAuthenticationProvider overloads the Id field with the hash value that is used for user authentication. As a consequence, if Digest Authentication is in use, the unsalted hash value will be disclosed by getACL() request for unauthenticated or unprivileged users.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Information Disclosure", }, ], }, ], }, references: { reference_data: [ { name: "108427", refsource: "BID", url: "http://www.securityfocus.com/bid/108427", }, { name: "[debian-lts-announce] 20190524 [SECURITY] [DLA 1801-1] zookeeper security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2019/05/msg00033.html", }, { name: "[bookkeeper-issues] 20190531 [GitHub] [bookkeeper] eolivelli opened a new issue #2106: Update ZookKeeper dependency to 3.5.5", refsource: "MLIST", url: "https://lists.apache.org/thread.html/f6112882e30a31992a79e0a8c31ac179e9d0de7c708de3a9258d4391@%3Cissues.bookkeeper.apache.org%3E", }, { name: "[accumulo-commits] 20190605 [accumulo] branch 2.0 updated: Update ZooKeeper (CVE-2019-0201)", refsource: "MLIST", url: "https://lists.apache.org/thread.html/5d9a1cf41a5880557bf680b7321b4ab9a4d206c601ffb15fef6f196a@%3Ccommits.accumulo.apache.org%3E", }, { name: "DSA-4461", refsource: "DEBIAN", url: "https://www.debian.org/security/2019/dsa-4461", }, { name: "20190612 [SECURITY] [DSA 4461-1] zookeeper security update", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/Jun/13", }, { name: "[activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar", refsource: "MLIST", url: "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E", }, { name: "RHSA-2019:3140", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:3140", }, { name: "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", refsource: "MLIST", url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E", }, { name: "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", refsource: "MLIST", url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", }, { name: "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", refsource: "MLIST", url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E", }, { name: "RHSA-2019:3892", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:3892", }, { name: "RHSA-2019:4352", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:4352", }, { name: "https://www.oracle.com/security-alerts/cpujul2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { name: "https://issues.apache.org/jira/browse/ZOOKEEPER-1392", refsource: "MISC", url: "https://issues.apache.org/jira/browse/ZOOKEEPER-1392", }, { name: "https://zookeeper.apache.org/security.html#CVE-2019-0201", refsource: "CONFIRM", url: "https://zookeeper.apache.org/security.html#CVE-2019-0201", }, { name: "https://security.netapp.com/advisory/ntap-20190619-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20190619-0001/", }, { name: "https://www.oracle.com/security-alerts/cpuoct2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { name: "https://www.oracle.com//security-alerts/cpujul2021.html", refsource: "MISC", url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { name: "[hadoop-common-issues] 20210816 [GitHub] [hadoop] iwasakims opened a new pull request #3308: HADOOP-17850. Upgrade ZooKeeper to 3.4.14 in branch-3.2.", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r40f32125c1d97ad82404cc918171d9e0fcf78e534256674e9da1eb4b@%3Ccommon-issues.hadoop.apache.org%3E", }, ], }, }, "gitlab.com": { advisories: [ { affected_range: "[1.0.0,3.4.13],[3.5.0,3.5.4]", affected_versions: "All versions starting from 1.0.0 up to 3.4.13, all versions starting from 3.5.0 up to 3.5.4", credit: "Harrison Neal, PatchAdvisor, Inc", cvss_v2: "AV:N/AC:M/Au:N/C:P/I:N/A:N", cvss_v3: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", cwe_ids: [ "CWE-1035", "CWE-862", "CWE-937", ], date: "2019-11-15", description: "ZooKeeper's `getACL()` command does not check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. `DigestAuthenticationProvider` overloads the Id field with the hash value that is used for user authentication. As a consequence, if Digest Authentication is in use, the unsalted hash value will be disclosed by `getACL()` request for unauthenticated or unprivileged users.", fixed_versions: [ "3.4.14", "3.5.5", ], identifier: "CVE-2019-0201", identifiers: [ "CVE-2019-0201", ], not_impacted: "All versions before 1.0.0, all versions after 3.4.13 before 3.5.0, all versions after 3.5.4", package_slug: "maven/org.apache.zookeeper/zookeeper", pubdate: "2019-05-23", solution: "Upgrade to versions 3.4.14, 3.5.5 or above.", title: "Information disclosure", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2019-0201", "http://www.securityfocus.com/bid/108427", "https://issues.apache.org/jira/browse/ZOOKEEPER-1392", "https://zookeeper.apache.org/security.html#CVE-2019-0201", "https://www.openwall.com/lists/oss-security/2019/05/20/1", ], uuid: "7b183c9b-19a9-4d64-833a-902bd7ec47ff", }, ], }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:apache:activemq:5.15.9:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:drill:1.16.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:zookeeper:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "3.4.13", versionStartIncluding: "1.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:zookeeper:3.5.0:-:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:zookeeper:3.5.0:alpha:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:zookeeper:3.5.0:rc0:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:zookeeper:3.5.1:-:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:zookeeper:3.5.1:alpha:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:zookeeper:3.5.1:rc0:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:zookeeper:3.5.1:rc1:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:zookeeper:3.5.1:rc2:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:zookeeper:3.5.1:rc3:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:zookeeper:3.5.1:rc4:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:zookeeper:3.5.2:-:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:zookeeper:3.5.2:alpha:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:zookeeper:3.5.2:rc0:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:zookeeper:3.5.2:rc1:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:zookeeper:3.5.3:-:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:zookeeper:3.5.3:beta:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:zookeeper:3.5.3:rc0:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:zookeeper:3.5.3:rc1:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:zookeeper:3.5.4:beta:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:redhat:fuse:1.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:oracle:goldengate_stream_analytics:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "19.1.0.0.1", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:siebel_core_-_server_framework:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "21.5", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "18.1.3.1.0", vulnerable: true, }, ], operator: "OR", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2019-0201", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper’s getACL() command doesn’t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. DigestAuthenticationProvider overloads the Id field with the hash value that is used for user authentication. As a consequence, if Digest Authentication is in use, the unsalted hash value will be disclosed by getACL() request for unauthenticated or unprivileged users.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "CWE-862", }, ], }, ], }, references: { reference_data: [ { name: "https://zookeeper.apache.org/security.html#CVE-2019-0201", refsource: "CONFIRM", tags: [ "Vendor Advisory", ], url: "https://zookeeper.apache.org/security.html#CVE-2019-0201", }, { name: "https://issues.apache.org/jira/browse/ZOOKEEPER-1392", refsource: "MISC", tags: [ "Issue Tracking", "Patch", "Vendor Advisory", ], url: "https://issues.apache.org/jira/browse/ZOOKEEPER-1392", }, { name: "108427", refsource: "BID", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/108427", }, { name: "[debian-lts-announce] 20190524 [SECURITY] [DLA 1801-1] zookeeper security update", refsource: "MLIST", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/05/msg00033.html", }, { name: "[bookkeeper-issues] 20190531 [GitHub] [bookkeeper] eolivelli opened a new issue #2106: Update ZookKeeper dependency to 3.5.5", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/f6112882e30a31992a79e0a8c31ac179e9d0de7c708de3a9258d4391@%3Cissues.bookkeeper.apache.org%3E", }, { name: "[accumulo-commits] 20190605 [accumulo] branch 2.0 updated: Update ZooKeeper (CVE-2019-0201)", refsource: "MLIST", tags: [ "Mailing List", "Patch", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/5d9a1cf41a5880557bf680b7321b4ab9a4d206c601ffb15fef6f196a@%3Ccommits.accumulo.apache.org%3E", }, { name: "DSA-4461", refsource: "DEBIAN", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4461", }, { name: "20190612 [SECURITY] [DSA 4461-1] zookeeper security update", refsource: "BUGTRAQ", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Jun/13", }, { name: "https://security.netapp.com/advisory/ntap-20190619-0001/", refsource: "CONFIRM", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190619-0001/", }, { name: "[activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E", }, { name: "RHSA-2019:3140", refsource: "REDHAT", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3140", }, { name: "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E", }, { name: "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", }, { name: "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E", }, { name: "RHSA-2019:3892", refsource: "REDHAT", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3892", }, { name: "RHSA-2019:4352", refsource: "REDHAT", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:4352", }, { name: "https://www.oracle.com/security-alerts/cpujul2020.html", refsource: "MISC", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { name: "https://www.oracle.com/security-alerts/cpuoct2020.html", refsource: "MISC", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { name: "N/A", refsource: "N/A", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { name: "[hadoop-common-issues] 20210816 [GitHub] [hadoop] iwasakims opened a new pull request #3308: HADOOP-17850. Upgrade ZooKeeper to 3.4.14 in branch-3.2.", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r40f32125c1d97ad82404cc918171d9e0fcf78e534256674e9da1eb4b@%3Ccommon-issues.hadoop.apache.org%3E", }, ], }, }, impact: { baseMetricV2: { acInsufInfo: false, cvssV2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", userInteractionRequired: false, }, baseMetricV3: { cvssV3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, }, }, lastModifiedDate: "2022-04-19T15:35Z", publishedDate: "2019-05-23T14:29Z", }, }, }
fkie_cve-2019-0201
Vulnerability from fkie_nvd
Published
2019-05-23 14:29
Modified
2024-11-21 04:16
Severity ?
Summary
An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper’s getACL() command doesn’t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. DigestAuthenticationProvider overloads the Id field with the hash value that is used for user authentication. As a consequence, if Digest Authentication is in use, the unsalted hash value will be disclosed by getACL() request for unauthenticated or unprivileged users.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | activemq | 5.15.9 | |
| apache | drill | 1.16.0 | |
| apache | zookeeper | * | |
| apache | zookeeper | 3.5.0 | |
| apache | zookeeper | 3.5.0 | |
| apache | zookeeper | 3.5.0 | |
| apache | zookeeper | 3.5.1 | |
| apache | zookeeper | 3.5.1 | |
| apache | zookeeper | 3.5.1 | |
| apache | zookeeper | 3.5.1 | |
| apache | zookeeper | 3.5.1 | |
| apache | zookeeper | 3.5.1 | |
| apache | zookeeper | 3.5.1 | |
| apache | zookeeper | 3.5.2 | |
| apache | zookeeper | 3.5.2 | |
| apache | zookeeper | 3.5.2 | |
| apache | zookeeper | 3.5.2 | |
| apache | zookeeper | 3.5.3 | |
| apache | zookeeper | 3.5.3 | |
| apache | zookeeper | 3.5.3 | |
| apache | zookeeper | 3.5.3 | |
| apache | zookeeper | 3.5.4 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| redhat | fuse | 1.0.0 | |
| oracle | goldengate_stream_analytics | * | |
| oracle | siebel_core_-_server_framework | * | |
| oracle | timesten_in-memory_database | * | |
| netapp | hci_bootstrap_os | - | |
| netapp | hci_compute_node | - | |
| netapp | element_software | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:activemq:5.15.9:*:*:*:*:*:*:*", matchCriteriaId: "70B11FEF-4CBF-4483-A5BD-CDA5AFAE52AE", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:drill:1.16.0:*:*:*:*:*:*:*", matchCriteriaId: "235DC57F-22B8-4219-9499-7D005D90A654", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:zookeeper:*:*:*:*:*:*:*:*", matchCriteriaId: "19FD698D-914D-46C3-810B-F749CD0C0DE8", versionEndIncluding: "3.4.13", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:zookeeper:3.5.0:-:*:*:*:*:*:*", matchCriteriaId: "3B1074FD-02DC-4CDC-A8F2-4CE0827539B6", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:zookeeper:3.5.0:alpha:*:*:*:*:*:*", matchCriteriaId: "2F0F84E2-88CE-4350-B342-DA761D43682E", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:zookeeper:3.5.0:rc0:*:*:*:*:*:*", matchCriteriaId: "ACB3229A-F1BA-4AA7-916A-9061BE561AD4", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:zookeeper:3.5.1:-:*:*:*:*:*:*", matchCriteriaId: "0E5C9D62-F9A2-4961-8440-9DF6F5C213D8", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:zookeeper:3.5.1:alpha:*:*:*:*:*:*", matchCriteriaId: "A0C88D5A-86CD-41D3-B453-6060482E84E3", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:zookeeper:3.5.1:rc0:*:*:*:*:*:*", matchCriteriaId: "24BEEE1F-5408-43F8-B662-B826349E97D8", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:zookeeper:3.5.1:rc1:*:*:*:*:*:*", matchCriteriaId: "4031DB88-F356-458F-BC77-91B62744A466", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:zookeeper:3.5.1:rc2:*:*:*:*:*:*", matchCriteriaId: "AB019BEC-6C42-4A51-9C45-389B6529CE96", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:zookeeper:3.5.1:rc3:*:*:*:*:*:*", matchCriteriaId: "107E465A-A904-4198-8171-3D764B9F1C19", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:zookeeper:3.5.1:rc4:*:*:*:*:*:*", matchCriteriaId: "D5DE5D25-B8A9-4172-80FF-D430D47AE96A", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:zookeeper:3.5.2:-:*:*:*:*:*:*", matchCriteriaId: "3E2EB460-5B43-42E3-98AF-FB08B0C94957", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:zookeeper:3.5.2:alpha:*:*:*:*:*:*", matchCriteriaId: "9C89705C-D40E-4C7D-A019-809D32AC1A98", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:zookeeper:3.5.2:rc0:*:*:*:*:*:*", matchCriteriaId: "738C3017-324B-46AB-8D71-5202E31DBC97", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:zookeeper:3.5.2:rc1:*:*:*:*:*:*", matchCriteriaId: "39BE8DA0-6839-4E59-838F-E0D6A4F96D3B", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:zookeeper:3.5.3:-:*:*:*:*:*:*", matchCriteriaId: "09C66E38-BDA9-42A6-8DBE-4E8781AE8394", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:zookeeper:3.5.3:beta:*:*:*:*:*:*", matchCriteriaId: "81C99F52-0D85-41C8-A0DA-CE29C917ADDC", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:zookeeper:3.5.3:rc0:*:*:*:*:*:*", matchCriteriaId: "9B94B4B9-2B39-4879-BC68-2E4DEC57650D", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:zookeeper:3.5.3:rc1:*:*:*:*:*:*", matchCriteriaId: "3E6AADAF-368B-4143-AE49-736A4101D732", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:zookeeper:3.5.4:beta:*:*:*:*:*:*", matchCriteriaId: "C392B5BC-1B19-49CB-B43F-D485EC4DC094", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:fuse:1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "0F31D7E8-D31D-4268-9ABF-3733915AA226", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:goldengate_stream_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "F4E7F2AA-B851-4D85-9895-2CDD6BE9FCB4", versionEndExcluding: "19.1.0.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:siebel_core_-_server_framework:*:*:*:*:*:*:*:*", matchCriteriaId: "F9C855EA-6E35-4EFF-ADEB-0EDFF90272BD", versionEndIncluding: "21.5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*", matchCriteriaId: "3CFFA207-BDA9-4088-890E-99D9A30421D8", versionEndExcluding: "18.1.3.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*", matchCriteriaId: "1C767AA1-88B7-48F0-9F31-A89D16DCD52C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", matchCriteriaId: "85DF4B3F-4BBC-42B7-B729-096934523D63", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper’s getACL() command doesn’t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. DigestAuthenticationProvider overloads the Id field with the hash value that is used for user authentication. As a consequence, if Digest Authentication is in use, the unsalted hash value will be disclosed by getACL() request for unauthenticated or unprivileged users.", }, { lang: "es", value: "Hay un problema presente en Apache ZooKeeper 1.0.0 a 3.4.13 y 3.5.0-alpha a 3.5.4-beta. El comando getACL () de ZooKeeper no verifica ningún permiso cuando recupera las ACL del nodo solicitado y devuelve toda la información contenida en el campo Id. De ACL como cadena de texto sin formato. DigestAuthenticationProvider sobrecarga el campo Id con el valor hash que se utiliza para la autenticación del usuario. Como consecuencia, si la autenticación implícita está en uso, el valor hash sin sal será revelado por la solicitud getACL () para usuarios no autenticados o no privilegiados.", }, ], id: "CVE-2019-0201", lastModified: "2024-11-21T04:16:28.487", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-05-23T14:29:07.517", references: [ { source: "security@apache.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/108427", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3140", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3892", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:4352", }, { source: "security@apache.org", tags: [ "Issue Tracking", "Patch", "Vendor Advisory", ], url: "https://issues.apache.org/jira/browse/ZOOKEEPER-1392", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/5d9a1cf41a5880557bf680b7321b4ab9a4d206c601ffb15fef6f196a%40%3Ccommits.accumulo.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/f6112882e30a31992a79e0a8c31ac179e9d0de7c708de3a9258d4391%40%3Cissues.bookkeeper.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r40f32125c1d97ad82404cc918171d9e0fcf78e534256674e9da1eb4b%40%3Ccommon-issues.hadoop.apache.org%3E", }, { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/05/msg00033.html", }, { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Jun/13", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190619-0001/", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4461", }, { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "security@apache.org", tags: [ "Vendor Advisory", ], url: "https://zookeeper.apache.org/security.html#CVE-2019-0201", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/108427", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3140", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3892", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:4352", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Vendor Advisory", ], url: "https://issues.apache.org/jira/browse/ZOOKEEPER-1392", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/5d9a1cf41a5880557bf680b7321b4ab9a4d206c601ffb15fef6f196a%40%3Ccommits.accumulo.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/f6112882e30a31992a79e0a8c31ac179e9d0de7c708de3a9258d4391%40%3Cissues.bookkeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r40f32125c1d97ad82404cc918171d9e0fcf78e534256674e9da1eb4b%40%3Ccommon-issues.hadoop.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/05/msg00033.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Jun/13", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190619-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4461", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://zookeeper.apache.org/security.html#CVE-2019-0201", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-862", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.