SUSE-SU-2018:3563-1
- Source
- https://www.suse.com/support/update/announcement/2018/suse-su-20183563-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2018:3563-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/SUSE-SU-2018:3563-1
- Upstream
- Related
- Published
- 2018-10-30T06:10:54Z
- Modified
- 2025-05-08T17:04:08.629273Z
- Summary
- Security update for ardana-monasca, ardana-spark, kafka, kafka-kit, openstack-monasca-api
- Details
-
This update for ardana-monasca, ardana-spark, kafka, kafka-kit, openstack-monasca-api fixes the following issues:
This update for ardana-monasca to version 8.0+git.1535031421.9262a47 fixes these issues:
- Requests Apache to reload on change (bsc#1102662)
- Avoids managing non-Monasca users (bsc#1102662)
- Line up perms on storm.conf to match rpm (bsc#1094971)
This update for ardana-spark to version 8.0+git.1532114050.04654a8 fixes this issue:
- Only set log dir perms on legacy install (bsc#1094851)
This update for kafka to version 0.10.2.2 fixes this security issue:
- CVE-2018-1288: Authenticated Kafka users may have performed action reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss (bsc#1102920).
This update for kafka to version 0.10.2.2 fixes these non-security issues:
- set internal.leave.group.on.close to false in KafkaStreams
- Improve message for Kafka failed startup with non-Kafka data in data.dirs
- add maxnumber _ofretries to exponential backoff strategy
- Mute logger for reflections.org at the warn level in system tests
- Kafka connect: error with special characters in connector name
- streams task gets stuck after re-balance due to LockException
- CachingSessionStore doesn't use the default keySerde.
- RocksDBSessionStore doesn't use default aggSerde.
- Recommended values for Connect transformations contain the wrong class name
- Kafka broker fails to start if a topic containing dot in its name is marked for delete but hasn't been deleted during previous uptime
- GlobalKTable does not checkpoint offsets after restoring state
- Log cleaning can increase message size and cause cleaner to crash with buffer overflow
- Some socket connections not closed after restart of Kafka Streams
- Distributed Herder Deadlocks on Shutdown
- Log cleaner fails due to large offset in segment file
- StreamsKafkaClient should not use StreamsConfig.POLLMSCONFIG
- Refactor kafkatest docker support
- ducktape kafka service: do not assume Service contains num_nodes
- Using DUCKTAPEOPTIONS has no effect on executing tests
- Connect WorkerSinkTask out of order offset commit can lead to inconsistent state
- RocksDB segments not removed when store is closed causes re-initialization to fail
- FetchMetadata creates unneeded Strings on instantiation
- SourceTask#stop() not called after exception raised in poll()
- Sink connectors that explicitly 'resume' topic partitions can resume a paused task
- GlobalStateManagerImpl should not write offsets of in-memory stores in checkpoint file
- Source KTable checkpoint is not correct
- ConnectSchema#equals() broken for array-typed default values
This update for openstack-monasca-api to version 2.2.1~dev24 fixes these issues:
- devstack: download storm from archive.apache.org
- Backport tempest test robustness improvements
- 1724543-fixed kafka partition creation error in devstack installation
- Fix:No alarms created if metric name in alarm def. expr. is mix case
- Zuul: Remove project name
- Run against Pike requirements
- References
Affected packages
SUSE:HPE Helion OpenStack 8
ardana-monasca
Package
- Name
- ardana-monasca
- Purl
- pkg:rpm/suse/ardana-monasca&distro=HPE%20Helion%20OpenStack%208
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed8.0+git.1535031421.9262a47-3.12.1
ardana-spark
Package
- Name
- ardana-spark
- Purl
- pkg:rpm/suse/ardana-spark&distro=HPE%20Helion%20OpenStack%208
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed8.0+git.1534267176.a5f3a22-3.6.1
kafka
Package
- Name
- kafka
- Purl
- pkg:rpm/suse/kafka&distro=HPE%20Helion%20OpenStack%208
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.10.2.2-5.6.1
openstack-monasca-api
Package
- Name
- openstack-monasca-api
- Purl
- pkg:rpm/suse/openstack-monasca-api&distro=HPE%20Helion%20OpenStack%208
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.2.1~dev24-3.6.1
SUSE:OpenStack Cloud 8
ardana-monasca
Package
- Name
- ardana-monasca
- Purl
- pkg:rpm/suse/ardana-monasca&distro=SUSE%20OpenStack%20Cloud%208
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed8.0+git.1535031421.9262a47-3.12.1
ardana-spark
Package
- Name
- ardana-spark
- Purl
- pkg:rpm/suse/ardana-spark&distro=SUSE%20OpenStack%20Cloud%208
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed8.0+git.1534267176.a5f3a22-3.6.1
kafka
Package
- Name
- kafka
- Purl
- pkg:rpm/suse/kafka&distro=SUSE%20OpenStack%20Cloud%208
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.10.2.2-5.6.1
openstack-monasca-api
Package
- Name
- openstack-monasca-api
- Purl
- pkg:rpm/suse/openstack-monasca-api&distro=SUSE%20OpenStack%20Cloud%208
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.2.1~dev24-3.6.1
SUSE:OpenStack Cloud Crowbar 8
kafka
Package
- Name
- kafka
- Purl
- pkg:rpm/suse/kafka&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.10.2.2-5.6.1
openstack-monasca-api
Package
- Name
- openstack-monasca-api
- Purl
- pkg:rpm/suse/openstack-monasca-api&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.2.1~dev24-3.6.1