SUSE-SU-2018:3563-1

Source
https://www.suse.com/support/update/announcement/2018/suse-su-20183563-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2018:3563-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2018:3563-1
Published
2018-10-30T06:10:54Z
Modified
2018-10-30T06:10:54Z
Summary
Security update for ardana-monasca, ardana-spark, kafka, kafka-kit, openstack-monasca-api
Details

This update for ardana-monasca, ardana-spark, kafka, kafka-kit, openstack-monasca-api fixes the following issues:

This update for ardana-monasca to version 8.0+git.1535031421.9262a47 fixes these issues:

  • Requests Apache to reload on change (bsc#1102662)
  • Avoids managing non-Monasca users (bsc#1102662)
  • Line up perms on storm.conf to match rpm (bsc#1094971)

This update for ardana-spark to version 8.0+git.1532114050.04654a8 fixes this issue:

  • Only set log dir perms on legacy install (bsc#1094851)

This update for kafka to version 0.10.2.2 fixes this security issue:

  • CVE-2018-1288: Authenticated Kafka users may have performed an action reserved for the Broker via a manually created fetch request, interfering with data replication and resulting in data loss (bsc#1102920).

This update for kafka to version 0.10.2.2 fixes these non-security issues:

  • set internal.leave.group.on.close to false in KafkaStreams
  • Improve message for Kafka failed startup with non-Kafka data in data.dirs
  • add max_number_of_retries to exponential backoff strategy
  • Mute logger for reflections.org at the warn level in system tests
  • Kafka connect: error with special characters in connector name
  • streams task gets stuck after re-balance due to LockException
  • CachingSessionStore doesn't use the default keySerde.
  • RocksDBSessionStore doesn't use default aggSerde.
  • Recommended values for Connect transformations contain the wrong class name
  • Kafka broker fails to start if a topic containing dot in its name is marked for delete but hasn't been deleted during previous uptime
  • GlobalKTable does not checkpoint offsets after restoring state
  • Log cleaning can increase message size and cause cleaner to crash with buffer overflow
  • Some socket connections not closed after restart of Kafka Streams
  • Distributed Herder Deadlocks on Shutdown
  • Log cleaner fails due to large offset in segment file
  • StreamsKafkaClient should not use StreamsConfig.POLL_MS_CONFIG
  • Refactor kafkatest docker support
  • ducktape kafka service: do not assume Service contains num_nodes
  • Using _DUCKTAPE_OPTIONS has no effect on executing tests
  • Connect WorkerSinkTask out of order offset commit can lead to inconsistent state
  • RocksDB segments not removed when store is closed causes re-initialization to fail
  • FetchMetadata creates unneeded Strings on instantiation
  • SourceTask#stop() not called after exception raised in poll()
  • Sink connectors that explicitly 'resume' topic partitions can resume a paused task
  • GlobalStateManagerImpl should not write offsets of in-memory stores in checkpoint file
  • Source KTable checkpoint is not correct
  • ConnectSchema#equals() broken for array-typed default values

This update for openstack-monasca-api to version 2.2.1~dev24 fixes these issues:

  • devstack: download storm from archive.apache.org
  • Backport tempest test robustness improvements
  • 1724543-fixed kafka partition creation error in devstack installation
  • Fix: No alarms created if metric name in alarm def. expr. is mix case
  • Zuul: Remove project name
  • Run against Pike requirements

Affected packages

SUSE:HPE Helion OpenStack 8 / ardana-monasca

Package

Name
ardana-monasca
Purl
purl:rpm/suse/ardana-monasca&distro=HPE%20Helion%20OpenStack%208

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
8.0+git.1535031421.9262a47-3.12.1

Ecosystem specific

{
    "binaries": [
        {
            "ardana-monasca": "8.0+git.1535031421.9262a47-3.12.1",
            "openstack-monasca-api": "2.2.1~dev24-3.6.1",
            "python-monasca-api": "2.2.1~dev24-3.6.1",
            "kafka": "0.10.2.2-5.6.1",
            "ardana-spark": "8.0+git.1534267176.a5f3a22-3.6.1"
        }
    ]
}

SUSE:HPE Helion OpenStack 8 / ardana-spark

Package

Name
ardana-spark
Purl
purl:rpm/suse/ardana-spark&distro=HPE%20Helion%20OpenStack%208

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
8.0+git.1534267176.a5f3a22-3.6.1

Ecosystem specific

{
    "binaries": [
        {
            "ardana-monasca": "8.0+git.1535031421.9262a47-3.12.1",
            "openstack-monasca-api": "2.2.1~dev24-3.6.1",
            "python-monasca-api": "2.2.1~dev24-3.6.1",
            "kafka": "0.10.2.2-5.6.1",
            "ardana-spark": "8.0+git.1534267176.a5f3a22-3.6.1"
        }
    ]
}

SUSE:HPE Helion OpenStack 8 / kafka

Package

Name
kafka
Purl
purl:rpm/suse/kafka&distro=HPE%20Helion%20OpenStack%208

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.10.2.2-5.6.1

Ecosystem specific

{
    "binaries": [
        {
            "ardana-monasca": "8.0+git.1535031421.9262a47-3.12.1",
            "openstack-monasca-api": "2.2.1~dev24-3.6.1",
            "python-monasca-api": "2.2.1~dev24-3.6.1",
            "kafka": "0.10.2.2-5.6.1",
            "ardana-spark": "8.0+git.1534267176.a5f3a22-3.6.1"
        }
    ]
}

SUSE:HPE Helion OpenStack 8 / openstack-monasca-api

Package

Name
openstack-monasca-api
Purl
purl:rpm/suse/openstack-monasca-api&distro=HPE%20Helion%20OpenStack%208

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.2.1~dev24-3.6.1

Ecosystem specific

{
    "binaries": [
        {
            "ardana-monasca": "8.0+git.1535031421.9262a47-3.12.1",
            "openstack-monasca-api": "2.2.1~dev24-3.6.1",
            "python-monasca-api": "2.2.1~dev24-3.6.1",
            "kafka": "0.10.2.2-5.6.1",
            "ardana-spark": "8.0+git.1534267176.a5f3a22-3.6.1"
        }
    ]
}

SUSE:OpenStack Cloud 8 / ardana-monasca

Package

Name
ardana-monasca
Purl
purl:rpm/suse/ardana-monasca&distro=SUSE%20OpenStack%20Cloud%208

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
8.0+git.1535031421.9262a47-3.12.1

Ecosystem specific

{
    "binaries": [
        {
            "ardana-monasca": "8.0+git.1535031421.9262a47-3.12.1",
            "openstack-monasca-api": "2.2.1~dev24-3.6.1",
            "python-monasca-api": "2.2.1~dev24-3.6.1",
            "kafka": "0.10.2.2-5.6.1",
            "ardana-spark": "8.0+git.1534267176.a5f3a22-3.6.1"
        }
    ]
}

SUSE:OpenStack Cloud 8 / ardana-spark

Package

Name
ardana-spark
Purl
purl:rpm/suse/ardana-spark&distro=SUSE%20OpenStack%20Cloud%208

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
8.0+git.1534267176.a5f3a22-3.6.1

Ecosystem specific

{
    "binaries": [
        {
            "ardana-monasca": "8.0+git.1535031421.9262a47-3.12.1",
            "openstack-monasca-api": "2.2.1~dev24-3.6.1",
            "python-monasca-api": "2.2.1~dev24-3.6.1",
            "kafka": "0.10.2.2-5.6.1",
            "ardana-spark": "8.0+git.1534267176.a5f3a22-3.6.1"
        }
    ]
}

SUSE:OpenStack Cloud 8 / kafka

Package

Name
kafka
Purl
purl:rpm/suse/kafka&distro=SUSE%20OpenStack%20Cloud%208

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.10.2.2-5.6.1

Ecosystem specific

{
    "binaries": [
        {
            "ardana-monasca": "8.0+git.1535031421.9262a47-3.12.1",
            "openstack-monasca-api": "2.2.1~dev24-3.6.1",
            "python-monasca-api": "2.2.1~dev24-3.6.1",
            "kafka": "0.10.2.2-5.6.1",
            "ardana-spark": "8.0+git.1534267176.a5f3a22-3.6.1"
        }
    ]
}

SUSE:OpenStack Cloud 8 / openstack-monasca-api

Package

Name
openstack-monasca-api
Purl
purl:rpm/suse/openstack-monasca-api&distro=SUSE%20OpenStack%20Cloud%208

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.2.1~dev24-3.6.1

Ecosystem specific

{
    "binaries": [
        {
            "ardana-monasca": "8.0+git.1535031421.9262a47-3.12.1",
            "openstack-monasca-api": "2.2.1~dev24-3.6.1",
            "python-monasca-api": "2.2.1~dev24-3.6.1",
            "kafka": "0.10.2.2-5.6.1",
            "ardana-spark": "8.0+git.1534267176.a5f3a22-3.6.1"
        }
    ]
}

SUSE:OpenStack Cloud Crowbar 8 / kafka

Package

Name
kafka
Purl
purl:rpm/suse/kafka&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.10.2.2-5.6.1

Ecosystem specific

{
    "binaries": [
        {
            "kafka": "0.10.2.2-5.6.1",
            "openstack-monasca-api": "2.2.1~dev24-3.6.1",
            "python-monasca-api": "2.2.1~dev24-3.6.1"
        }
    ]
}

SUSE:OpenStack Cloud Crowbar 8 / openstack-monasca-api

Package

Name
openstack-monasca-api
Purl
purl:rpm/suse/openstack-monasca-api&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.2.1~dev24-3.6.1

Ecosystem specific

{
    "binaries": [
        {
            "kafka": "0.10.2.2-5.6.1",
            "openstack-monasca-api": "2.2.1~dev24-3.6.1",
            "python-monasca-api": "2.2.1~dev24-3.6.1"
        }
    ]
}