Security update for Cloud Compute 12 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2015:1666-1 Final 1 1 2015-09-23T01:53:39Z current 2015-09-23T01:53:39Z 2015-09-23T01:53:39Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for Cloud Compute 12 This collective update for the Cloud Compute 12 Module provides several fixes and enhancements. openstack-suse: - Do not copy upstream Python requirements to the package. (bsc#920573) openstack-nova: - Fix metadata not returning just instance private IP. (bsc#934523) - Enable tenant/user specific instance filtering. (bsc#927625) - Cleanup allocated networks after rescheduling. (bsc#931839) - Fix instance filtering. (bsc#927625) - Websocket Proxy should verify Origin header to prevent Cross-Site WebSocket hijacking. (bsc#917091, CVE-2015-0259) openstack-neutron: - Change neutron-ha-tool to read password from /etc/neutron/os_password. (bsc#922751) - Change port status when it is bound. (bsc#926773) - Require conntrack-tools for SLE12. (bsc#944339) - Allow images with existing routes in the network 169.254.0.0/16 to access metadata server. (bsc#915245) openstack-ceilometer: - Fix issue when ceilometer-expirer is called from the wrong user via cronjob and the resulting logs end up having wrong ownership. (bsc#930574) - Move the cron job to collector package. (bsc#926596) For a comprehensive list of changes, please refer to the packages' change log. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE12-CLOUD-5-2015-629 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2015/suse-su-20151666-1/ Link for SUSE-SU-2015:1666-1 https://lists.suse.com/pipermail/sle-security-updates/2015-October/001608.html E-Mail link for SUSE-SU-2015:1666-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/915245 SUSE Bug 915245 https://bugzilla.suse.com/917091 SUSE Bug 917091 https://bugzilla.suse.com/920573 SUSE Bug 920573 https://bugzilla.suse.com/922751 SUSE Bug 922751 https://bugzilla.suse.com/926596 SUSE Bug 926596 https://bugzilla.suse.com/926773 SUSE Bug 926773 https://bugzilla.suse.com/927625 SUSE Bug 927625 https://bugzilla.suse.com/930574 SUSE Bug 930574 https://bugzilla.suse.com/931839 SUSE Bug 931839 https://bugzilla.suse.com/934523 SUSE Bug 934523 https://bugzilla.suse.com/944339 SUSE Bug 944339 https://www.suse.com/security/cve/CVE-2015-0259/ SUSE CVE CVE-2015-0259 page SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5 openstack-ceilometer-2014.2.4.dev18-3.2 openstack-ceilometer-agent-compute-2014.2.4.dev18-3.2 openstack-neutron-2014.2.4~a0~dev78-7.2 openstack-neutron-dhcp-agent-2014.2.4~a0~dev78-7.2 openstack-neutron-ha-tool-2014.2.4~a0~dev78-7.2 openstack-neutron-l3-agent-2014.2.4~a0~dev78-7.2 openstack-neutron-lbaas-agent-2014.2.4~a0~dev78-7.2 openstack-neutron-linuxbridge-agent-2014.2.4~a0~dev78-7.2 openstack-neutron-metadata-agent-2014.2.4~a0~dev78-7.2 openstack-neutron-metering-agent-2014.2.4~a0~dev78-7.2 openstack-neutron-openvswitch-agent-2014.2.4~a0~dev78-7.2 openstack-neutron-vpn-agent-2014.2.4~a0~dev78-7.2 openstack-nova-2014.2.4~a0~dev61-6.2 openstack-nova-compute-2014.2.4~a0~dev61-6.2 openstack-suse-sudo-2014.2-5.1 python-ceilometer-2014.2.4.dev18-3.2 python-neutron-2014.2.4~a0~dev78-7.2 python-nova-2014.2.4~a0~dev61-6.2 openstack-ceilometer-2014.2.4.dev18-3.2 as a component of SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5 openstack-ceilometer-agent-compute-2014.2.4.dev18-3.2 as a component of SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5 openstack-neutron-2014.2.4~a0~dev78-7.2 as a component of SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5 openstack-neutron-dhcp-agent-2014.2.4~a0~dev78-7.2 as a component of SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5 openstack-neutron-ha-tool-2014.2.4~a0~dev78-7.2 as a component of SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5 openstack-neutron-l3-agent-2014.2.4~a0~dev78-7.2 as a component of SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5 openstack-neutron-lbaas-agent-2014.2.4~a0~dev78-7.2 as a component of SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5 openstack-neutron-linuxbridge-agent-2014.2.4~a0~dev78-7.2 as a component of SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5 openstack-neutron-metadata-agent-2014.2.4~a0~dev78-7.2 as a component of SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5 openstack-neutron-metering-agent-2014.2.4~a0~dev78-7.2 as a component of SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5 openstack-neutron-openvswitch-agent-2014.2.4~a0~dev78-7.2 as a component of SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5 openstack-neutron-vpn-agent-2014.2.4~a0~dev78-7.2 as a component of SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5 openstack-nova-2014.2.4~a0~dev61-6.2 as a component of SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5 openstack-nova-compute-2014.2.4~a0~dev61-6.2 as a component of SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5 openstack-suse-sudo-2014.2-5.1 as a component of SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5 python-ceilometer-2014.2.4.dev18-3.2 as a component of SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5 python-neutron-2014.2.4~a0~dev78-7.2 as a component of SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5 python-nova-2014.2.4~a0~dev61-6.2 as a component of SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5 OpenStack Compute (Nova) before 2014.1.4, 2014.2.x before 2014.2.3, and kilo before kilo-3 does not validate the origin of websocket requests, which allows remote attackers to hijack the authentication of users for access to consoles via a crafted webpage. CVE-2015-0259 SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5:openstack-ceilometer-2014.2.4.dev18-3.2 SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5:openstack-ceilometer-agent-compute-2014.2.4.dev18-3.2 SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5:openstack-neutron-2014.2.4~a0~dev78-7.2 SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5:openstack-neutron-dhcp-agent-2014.2.4~a0~dev78-7.2 SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5:openstack-neutron-ha-tool-2014.2.4~a0~dev78-7.2 SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5:openstack-neutron-l3-agent-2014.2.4~a0~dev78-7.2 SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5:openstack-neutron-lbaas-agent-2014.2.4~a0~dev78-7.2 SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5:openstack-neutron-linuxbridge-agent-2014.2.4~a0~dev78-7.2 SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5:openstack-neutron-metadata-agent-2014.2.4~a0~dev78-7.2 SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5:openstack-neutron-metering-agent-2014.2.4~a0~dev78-7.2 SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5:openstack-neutron-openvswitch-agent-2014.2.4~a0~dev78-7.2 SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5:openstack-neutron-vpn-agent-2014.2.4~a0~dev78-7.2 SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5:openstack-nova-2014.2.4~a0~dev61-6.2 SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5:openstack-nova-compute-2014.2.4~a0~dev61-6.2 SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5:openstack-suse-sudo-2014.2-5.1 SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5:python-ceilometer-2014.2.4.dev18-3.2 SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5:python-neutron-2014.2.4~a0~dev78-7.2 SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5:python-nova-2014.2.4~a0~dev61-6.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151666-1/ https://www.suse.com/security/cve/CVE-2015-0259.html CVE-2015-0259 https://bugzilla.suse.com/917091 SUSE Bug 917091