{"id":"SUSE-SU-2020:0311-1","summary":"Security update for crowbar-core, crowbar-openstack, openstack-neutron-fwaas, rubygem-crowbar-client","details":"This update for crowbar-core, crowbar-openstack, openstack-neutron-fwaas, rubygem-crowbar-client  contains the following fixes:\n\nSecurity fixes for rubygem-crowbar-client:\n\n- CVE-2018-17954: Fixed an issue where crowbar was leaking the secret admin passwords to all nodes (bsc#1117080)\n\nChanges in crowbar-core:\n- Update to version 4.0+git.1578392992.fabfd186c:\n  * Avoid nil crash when provisioner attributes are not set (bsc#1160048)\n\n- Update to version 4.0+git.1578294389.acc7385d5:\n  * Adding CVE-2019-16770 to the ignore list, regarding SOC-10999.\n\nChanges in crowbar-openstack:\n- Update to version 4.0+git.1579171175.d53ab6363:\n  * tempest: tempest run filters as templates (SOC-11052)\n  * Add tempest filters based on services (SOC-9801)\n\nChanges in openstack-neutron-fwaas:\n- Remove the patch that was deleting the tempest entry point and enable tempest tests.\n","modified":"2026-02-04T03:38:17.003196Z","published":"2020-02-03T17:18:32Z","related":["CVE-2018-17954","CVE-2019-16770"],"upstream":["CVE-2018-17954","CVE-2019-16770"],"references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2020/suse-su-20200311-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1117080"},{"type":"REPORT","url":"https://bugzilla.suse.com/1160048"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-17954"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-16770"}],"affected":[{"package":{"name":"crowbar-core","ecosystem":"SUSE:OpenStack Cloud 7","purl":"pkg:rpm/suse/crowbar-core&distro=SUSE%20OpenStack%20Cloud%207"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.0+git.1578392992.fabfd186c-9.63.1"}]}],"ecosystem_specific":{"binaries":[{"crowbar-openstack":"4.0+git.1579171175.d53ab6363-9.68.1","crowbar-core":"4.0+git.1578392992.fabfd186c-9.63.1","openstack-neutron-fwaas-doc":"9.0.2~dev5-4.6.1","ruby2.1-rubygem-crowbar-client":"3.9.1-7.17.1","python-neutron-fwaas":"9.0.2~dev5-4.6.1","crowbar-core-branding-upstream":"4.0+git.1578392992.fabfd186c-9.63.1","openstack-neutron-fwaas":"9.0.2~dev5-4.6.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2020:0311-1.json"}},{"package":{"name":"crowbar-openstack","ecosystem":"SUSE:OpenStack Cloud 7","purl":"pkg:rpm/suse/crowbar-openstack&distro=SUSE%20OpenStack%20Cloud%207"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.0+git.1579171175.d53ab6363-9.68.1"}]}],"ecosystem_specific":{"binaries":[{"crowbar-openstack":"4.0+git.1579171175.d53ab6363-9.68.1","crowbar-core":"4.0+git.1578392992.fabfd186c-9.63.1","openstack-neutron-fwaas-doc":"9.0.2~dev5-4.6.1","ruby2.1-rubygem-crowbar-client":"3.9.1-7.17.1","python-neutron-fwaas":"9.0.2~dev5-4.6.1","crowbar-core-branding-upstream":"4.0+git.1578392992.fabfd186c-9.63.1","openstack-neutron-fwaas":"9.0.2~dev5-4.6.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2020:0311-1.json"}},{"package":{"name":"openstack-neutron-fwaas","ecosystem":"SUSE:OpenStack Cloud 7","purl":"pkg:rpm/suse/openstack-neutron-fwaas&distro=SUSE%20OpenStack%20Cloud%207"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"9.0.2~dev5-4.6.1"}]}],"ecosystem_specific":{"binaries":[{"crowbar-openstack":"4.0+git.1579171175.d53ab6363-9.68.1","crowbar-core":"4.0+git.1578392992.fabfd186c-9.63.1","openstack-neutron-fwaas-doc":"9.0.2~dev5-4.6.1","ruby2.1-rubygem-crowbar-client":"3.9.1-7.17.1","python-neutron-fwaas":"9.0.2~dev5-4.6.1","crowbar-core-branding-upstream":"4.0+git.1578392992.fabfd186c-9.63.1","openstack-neutron-fwaas":"9.0.2~dev5-4.6.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2020:0311-1.json"}},{"package":{"name":"openstack-neutron-fwaas-doc","ecosystem":"SUSE:OpenStack Cloud 7","purl":"pkg:rpm/suse/openstack-neutron-fwaas-doc&distro=SUSE%20OpenStack%20Cloud%207"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"9.0.2~dev5-4.6.1"}]}],"ecosystem_specific":{"binaries":[{"crowbar-openstack":"4.0+git.1579171175.d53ab6363-9.68.1","crowbar-core":"4.0+git.1578392992.fabfd186c-9.63.1","openstack-neutron-fwaas-doc":"9.0.2~dev5-4.6.1","ruby2.1-rubygem-crowbar-client":"3.9.1-7.17.1","python-neutron-fwaas":"9.0.2~dev5-4.6.1","crowbar-core-branding-upstream":"4.0+git.1578392992.fabfd186c-9.63.1","openstack-neutron-fwaas":"9.0.2~dev5-4.6.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2020:0311-1.json"}},{"package":{"name":"rubygem-crowbar-client","ecosystem":"SUSE:OpenStack Cloud 7","purl":"pkg:rpm/suse/rubygem-crowbar-client&distro=SUSE%20OpenStack%20Cloud%207"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.9.1-7.17.1"}]}],"ecosystem_specific":{"binaries":[{"crowbar-openstack":"4.0+git.1579171175.d53ab6363-9.68.1","crowbar-core":"4.0+git.1578392992.fabfd186c-9.63.1","openstack-neutron-fwaas-doc":"9.0.2~dev5-4.6.1","ruby2.1-rubygem-crowbar-client":"3.9.1-7.17.1","python-neutron-fwaas":"9.0.2~dev5-4.6.1","crowbar-core-branding-upstream":"4.0+git.1578392992.fabfd186c-9.63.1","openstack-neutron-fwaas":"9.0.2~dev5-4.6.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2020:0311-1.json"}}],"schema_version":"1.7.3"}