Security update for ardana-monasca, ardana-spark, kafka, kafka-kit, openstack-monasca-api SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2018:3563-1 Final 1 1 2018-10-30T06:10:54Z current 2018-10-30T06:10:54Z 2018-10-30T06:10:54Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for ardana-monasca, ardana-spark, kafka, kafka-kit, openstack-monasca-api This update for ardana-monasca, ardana-spark, kafka, kafka-kit, openstack-monasca-api fixes the following issues: This update for ardana-monasca to version 8.0+git.1535031421.9262a47 fixes these issues: - Requests Apache to reload on change (bsc#1102662) - Avoids managing non-Monasca users (bsc#1102662) - Line up perms on storm.conf to match rpm (bsc#1094971) This update for ardana-spark to version 8.0+git.1532114050.04654a8 fixes this issue: - Only set log dir perms on legacy install (bsc#1094851) This update for kafka to version 0.10.2.2 fixes this security issue: - CVE-2018-1288: Authenticated Kafka users may have performed action reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss (bsc#1102920). This update for kafka to version 0.10.2.2 fixes these non-security issues: - set internal.leave.group.on.close to false in KafkaStreams - Improve message for Kafka failed startup with non-Kafka data in data.dirs - add max_number _of_retries to exponential backoff strategy - Mute logger for reflections.org at the warn level in system tests - Kafka connect: error with special characters in connector name - streams task gets stuck after re-balance due to LockException - CachingSessionStore doesn't use the default keySerde. - RocksDBSessionStore doesn't use default aggSerde. - Recommended values for Connect transformations contain the wrong class name - Kafka broker fails to start if a topic containing dot in its name is marked for delete but hasn't been deleted during previous uptime - GlobalKTable does not checkpoint offsets after restoring state - Log cleaning can increase message size and cause cleaner to crash with buffer overflow - Some socket connections not closed after restart of Kafka Streams - Distributed Herder Deadlocks on Shutdown - Log cleaner fails due to large offset in segment file - StreamsKafkaClient should not use StreamsConfig.POLL_MS_CONFIG - Refactor kafkatest docker support - ducktape kafka service: do not assume Service contains num_nodes - Using _DUCKTAPE_OPTIONS has no effect on executing tests - Connect WorkerSinkTask out of order offset commit can lead to inconsistent state - RocksDB segments not removed when store is closed causes re-initialization to fail - FetchMetadata creates unneeded Strings on instantiation - SourceTask#stop() not called after exception raised in poll() - Sink connectors that explicitly 'resume' topic partitions can resume a paused task - GlobalStateManagerImpl should not write offsets of in-memory stores in checkpoint file - Source KTable checkpoint is not correct - ConnectSchema#equals() broken for array-typed default values This update for openstack-monasca-api to version 2.2.1~dev24 fixes these issues: - devstack: download storm from archive.apache.org - Backport tempest test robustness improvements - 1724543-fixed kafka partition creation error in devstack installation - Fix:No alarms created if metric name in alarm def. expr. is mix case - Zuul: Remove project name - Run against Pike requirements The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). HPE-Helion-OpenStack-8-2018-2523,SUSE-OpenStack-Cloud-8-2018-2523,SUSE-OpenStack-Cloud-Crowbar-8-2018-2523 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2018/suse-su-20183563-1/ Link for SUSE-SU-2018:3563-1 https://lists.suse.com/pipermail/sle-security-updates/2018-October/004812.html E-Mail link for SUSE-SU-2018:3563-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1094851 SUSE Bug 1094851 https://bugzilla.suse.com/1094971 SUSE Bug 1094971 https://bugzilla.suse.com/1102662 SUSE Bug 1102662 https://bugzilla.suse.com/1102920 SUSE Bug 1102920 https://www.suse.com/security/cve/CVE-2018-1288/ SUSE CVE CVE-2018-1288 page HPE Helion OpenStack 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 ardana-monasca-8.0+git.1535031421.9262a47-3.12.1 ardana-spark-8.0+git.1534267176.a5f3a22-3.6.1 kafka-0.10.2.2-5.6.1 openstack-monasca-api-2.2.1~dev24-3.6.1 python-monasca-api-2.2.1~dev24-3.6.1 ardana-monasca-8.0+git.1535031421.9262a47-3.12.1 as a component of HPE Helion OpenStack 8 ardana-spark-8.0+git.1534267176.a5f3a22-3.6.1 as a component of HPE Helion OpenStack 8 kafka-0.10.2.2-5.6.1 as a component of HPE Helion OpenStack 8 openstack-monasca-api-2.2.1~dev24-3.6.1 as a component of HPE Helion OpenStack 8 python-monasca-api-2.2.1~dev24-3.6.1 as a component of HPE Helion OpenStack 8 ardana-monasca-8.0+git.1535031421.9262a47-3.12.1 as a component of SUSE OpenStack Cloud 8 ardana-spark-8.0+git.1534267176.a5f3a22-3.6.1 as a component of SUSE OpenStack Cloud 8 kafka-0.10.2.2-5.6.1 as a component of SUSE OpenStack Cloud 8 openstack-monasca-api-2.2.1~dev24-3.6.1 as a component of SUSE OpenStack Cloud 8 python-monasca-api-2.2.1~dev24-3.6.1 as a component of SUSE OpenStack Cloud 8 kafka-0.10.2.2-5.6.1 as a component of SUSE OpenStack Cloud Crowbar 8 openstack-monasca-api-2.2.1~dev24-3.6.1 as a component of SUSE OpenStack Cloud Crowbar 8 python-monasca-api-2.2.1~dev24-3.6.1 as a component of SUSE OpenStack Cloud Crowbar 8 In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform action reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss. CVE-2018-1288 HPE Helion OpenStack 8:ardana-monasca-8.0+git.1535031421.9262a47-3.12.1 HPE Helion OpenStack 8:ardana-spark-8.0+git.1534267176.a5f3a22-3.6.1 HPE Helion OpenStack 8:kafka-0.10.2.2-5.6.1 HPE Helion OpenStack 8:openstack-monasca-api-2.2.1~dev24-3.6.1 HPE Helion OpenStack 8:python-monasca-api-2.2.1~dev24-3.6.1 SUSE OpenStack Cloud 8:ardana-monasca-8.0+git.1535031421.9262a47-3.12.1 SUSE OpenStack Cloud 8:ardana-spark-8.0+git.1534267176.a5f3a22-3.6.1 SUSE OpenStack Cloud 8:kafka-0.10.2.2-5.6.1 SUSE OpenStack Cloud 8:openstack-monasca-api-2.2.1~dev24-3.6.1 SUSE OpenStack Cloud 8:python-monasca-api-2.2.1~dev24-3.6.1 SUSE OpenStack Cloud Crowbar 8:kafka-0.10.2.2-5.6.1 SUSE OpenStack Cloud Crowbar 8:openstack-monasca-api-2.2.1~dev24-3.6.1 SUSE OpenStack Cloud Crowbar 8:python-monasca-api-2.2.1~dev24-3.6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20183563-1/ https://www.suse.com/security/cve/CVE-2018-1288.html CVE-2018-1288 https://bugzilla.suse.com/1102920 SUSE Bug 1102920