Bump requirements to add os-vif CVE fix

Commit I616992cac978aa4a9b2bcff27a37953ddbb194ca in requirements contains a fix for OSSA-2019-004 / CVE-2019-15753, which users of neutron linuxbridge plugin should apply immediately. Related-Bug: #1837252 Change-Id: I9e6246970c55305ae8d300d796dbd17f00777cc8
2019-09-14 02:29:56 -05:00 · 2019-09-14 02:29:56 -05:00 · fdabf04869
parent 375dd34655
commit fdabf04869
2 changed files with 11 additions and 1 deletions
--- a/playbooks/defaults/repo_packages/openstack_services.yml
+++ b/playbooks/defaults/repo_packages/openstack_services.yml
@ -31,7 +31,7 @@

 ## Global Requirements
 requirements_git_repo: https://opendev.org/openstack/requirements
-requirements_git_install_branch: 00df062c5811566268ee3e007254fdcf485ee06f # HEAD as of 08.09.2019
+requirements_git_install_branch: 238bb754fb637c9f548b03af964f4e882d806b75
 requirements_git_track_branch: stable/stein


--- a/releasenotes/notes/os-vif-requirements-bump-4efd2a059938d3ad.yaml
+++ b/releasenotes/notes/os-vif-requirements-bump-4efd2a059938d3ad.yaml
@ -0,0 +1,10 @@
+---
+security:
+  - |
+    The requirements version has bumped to pull in os-vif 1.15.2, which contains
+    the fix for OSSA-2019-004 / CVE-2019-15753. Operators using linuxbridge
+    networking (the default in openstack-ansible) should update immediately.
+    The fixed package will be installed in the nova venv upon re-deployment
+    of nova using the os-nova-install.yml playbook. Afterwards, verify that
+    the ageing timer on neutron-controlled linux bridges displays as "300.00"
+    raher than "0.00" using ``brctl showstp <bridge name>``.