From fdabf04869815c9f9ef5a92bca5c575dbb9e5239 Mon Sep 17 00:00:00 2001
From: Logan V
Date: Sat, 14 Sep 2019 02:29:56 -0500
Subject: [PATCH] Bump requirements to add os-vif CVE fix
Commit I616992cac978aa4a9b2bcff27a37953ddbb194ca in requirements contains a fix for OSSA-2019-004 / CVE-2019-15753, which users of neutron linuxbridge plugin should apply immediately.
Related-Bug: #1837252
Change-Id: I9e6246970c55305ae8d300d796dbd17f00777cc8
---
 .../defaults/repo_packages/openstack_services.yml | 2 +-
 .../os-vif-requirements-bump-4efd2a059938d3ad.yaml | 10 ++++++++++
 2 files changed, 11 insertions(+), 1 deletion(-)
 create mode 100644 releasenotes/notes/os-vif-requirements-bump-4efd2a059938d3ad.yaml
diff --git a/playbooks/defaults/repo_packages/openstack_services.yml b/playbooks/defaults/repo_packages/openstack_services.yml
index 1a14886e01..14a29cf525 100644
--- a/playbooks/defaults/repo_packages/openstack_services.yml
+++ b/playbooks/defaults/repo_packages/openstack_services.yml
@@ -31,7 +31,7 @@
 ## Global Requirements
 requirements_git_repo: https://opendev.org/openstack/requirements
-requirements_git_install_branch: 00df062c5811566268ee3e007254fdcf485ee06f # HEAD as of 08.09.2019
+requirements_git_install_branch: 238bb754fb637c9f548b03af964f4e882d806b75
 requirements_git_track_branch: stable/stein
diff --git a/releasenotes/notes/os-vif-requirements-bump-4efd2a059938d3ad.yaml b/releasenotes/notes/os-vif-requirements-bump-4efd2a059938d3ad.yaml
new file mode 100644
index 0000000000..371db0948a
--- /dev/null
+++ b/releasenotes/notes/os-vif-requirements-bump-4efd2a059938d3ad.yaml
@@ -0,0 +1,10 @@
+---
+security:
+ - |
+ The requirements version has bumped to pull in os-vif 1.15.2, which contains
+ the fix for OSSA-2019-004 / CVE-2019-15753. Operators using linuxbridge
+ networking (the default in openstack-ansible) should update immediately.
+ The fixed package will be installed in the nova venv upon re-deployment
+ of nova using the os-nova-install.yml playbook. Afterwards, verify that
+ the ageing timer on neutron-controlled linux bridges displays as "300.00"
+ raher than "0.00" using ``brctl showstp ``.