{"affected":[{"ecosystem_specific":{"binaries":[{"ardana-monasca":"8.0+git.1535031421.9262a47-3.12.1","ardana-spark":"8.0+git.1534267176.a5f3a22-3.6.1","kafka":"0.10.2.2-5.6.1","openstack-monasca-api":"2.2.1~dev24-3.6.1","python-monasca-api":"2.2.1~dev24-3.6.1"}]},"package":{"ecosystem":"SUSE:HPE Helion OpenStack 8","name":"ardana-monasca","purl":"pkg:rpm/suse/ardana-monasca&distro=HPE%20Helion%20OpenStack%208"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"8.0+git.1535031421.9262a47-3.12.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"ardana-monasca":"8.0+git.1535031421.9262a47-3.12.1","ardana-spark":"8.0+git.1534267176.a5f3a22-3.6.1","kafka":"0.10.2.2-5.6.1","openstack-monasca-api":"2.2.1~dev24-3.6.1","python-monasca-api":"2.2.1~dev24-3.6.1"}]},"package":{"ecosystem":"SUSE:HPE Helion OpenStack 8","name":"ardana-spark","purl":"pkg:rpm/suse/ardana-spark&distro=HPE%20Helion%20OpenStack%208"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"8.0+git.1534267176.a5f3a22-3.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"ardana-monasca":"8.0+git.1535031421.9262a47-3.12.1","ardana-spark":"8.0+git.1534267176.a5f3a22-3.6.1","kafka":"0.10.2.2-5.6.1","openstack-monasca-api":"2.2.1~dev24-3.6.1","python-monasca-api":"2.2.1~dev24-3.6.1"}]},"package":{"ecosystem":"SUSE:HPE Helion OpenStack 8","name":"kafka","purl":"pkg:rpm/suse/kafka&distro=HPE%20Helion%20OpenStack%208"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.10.2.2-5.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"ardana-monasca":"8.0+git.1535031421.9262a47-3.12.1","ardana-spark":"8.0+git.1534267176.a5f3a22-3.6.1","kafka":"0.10.2.2-5.6.1","openstack-monasca-api":"2.2.1~dev24-3.6.1","python-monasca-api":"2.2.1~dev24-3.6.1"}]},"package":{"ecosystem":"SUSE:HPE Helion OpenStack 8","name":"openstack-monasca-api","purl":"pkg:rpm/suse/openstack-monasca-api&distro=HPE%20Helion%20OpenStack%208"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.2.1~dev24-3.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"ardana-monasca":"8.0+git.1535031421.9262a47-3.12.1","ardana-spark":"8.0+git.1534267176.a5f3a22-3.6.1","kafka":"0.10.2.2-5.6.1","openstack-monasca-api":"2.2.1~dev24-3.6.1","python-monasca-api":"2.2.1~dev24-3.6.1"}]},"package":{"ecosystem":"SUSE:OpenStack Cloud 8","name":"ardana-monasca","purl":"pkg:rpm/suse/ardana-monasca&distro=SUSE%20OpenStack%20Cloud%208"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"8.0+git.1535031421.9262a47-3.12.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"ardana-monasca":"8.0+git.1535031421.9262a47-3.12.1","ardana-spark":"8.0+git.1534267176.a5f3a22-3.6.1","kafka":"0.10.2.2-5.6.1","openstack-monasca-api":"2.2.1~dev24-3.6.1","python-monasca-api":"2.2.1~dev24-3.6.1"}]},"package":{"ecosystem":"SUSE:OpenStack Cloud 8","name":"ardana-spark","purl":"pkg:rpm/suse/ardana-spark&distro=SUSE%20OpenStack%20Cloud%208"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"8.0+git.1534267176.a5f3a22-3.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"ardana-monasca":"8.0+git.1535031421.9262a47-3.12.1","ardana-spark":"8.0+git.1534267176.a5f3a22-3.6.1","kafka":"0.10.2.2-5.6.1","openstack-monasca-api":"2.2.1~dev24-3.6.1","python-monasca-api":"2.2.1~dev24-3.6.1"}]},"package":{"ecosystem":"SUSE:OpenStack Cloud 8","name":"kafka","purl":"pkg:rpm/suse/kafka&distro=SUSE%20OpenStack%20Cloud%208"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.10.2.2-5.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"ardana-monasca":"8.0+git.1535031421.9262a47-3.12.1","ardana-spark":"8.0+git.1534267176.a5f3a22-3.6.1","kafka":"0.10.2.2-5.6.1","openstack-monasca-api":"2.2.1~dev24-3.6.1","python-monasca-api":"2.2.1~dev24-3.6.1"}]},"package":{"ecosystem":"SUSE:OpenStack Cloud 8","name":"openstack-monasca-api","purl":"pkg:rpm/suse/openstack-monasca-api&distro=SUSE%20OpenStack%20Cloud%208"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.2.1~dev24-3.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"kafka":"0.10.2.2-5.6.1","openstack-monasca-api":"2.2.1~dev24-3.6.1","python-monasca-api":"2.2.1~dev24-3.6.1"}]},"package":{"ecosystem":"SUSE:OpenStack Cloud Crowbar 8","name":"kafka","purl":"pkg:rpm/suse/kafka&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.10.2.2-5.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"kafka":"0.10.2.2-5.6.1","openstack-monasca-api":"2.2.1~dev24-3.6.1","python-monasca-api":"2.2.1~dev24-3.6.1"}]},"package":{"ecosystem":"SUSE:OpenStack Cloud Crowbar 8","name":"openstack-monasca-api","purl":"pkg:rpm/suse/openstack-monasca-api&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.2.1~dev24-3.6.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for ardana-monasca, ardana-spark, kafka, kafka-kit, openstack-monasca-api fixes the following issues:\n\nThis update for ardana-monasca to version 8.0+git.1535031421.9262a47 fixes these issues:\n\n- Requests Apache to reload on change (bsc#1102662)\n- Avoids managing non-Monasca users (bsc#1102662)\n- Line up perms on storm.conf to match rpm (bsc#1094971)\n\nThis update for ardana-spark to version 8.0+git.1532114050.04654a8 fixes this issue:\n\n- Only set log dir perms on legacy install (bsc#1094851)\n\nThis update for kafka to version 0.10.2.2 fixes this security issue:\n\n- CVE-2018-1288: Authenticated Kafka users may have performed action reserved\n  for the Broker via a manually created fetch request interfering with data\n  replication, resulting in data loss (bsc#1102920).\n\nThis update for kafka to version 0.10.2.2 fixes these non-security issues:\n\n- set internal.leave.group.on.close to false in KafkaStreams\n- Improve message for Kafka failed startup with non-Kafka data in data.dirs\n- add max_number _of_retries to exponential backoff strategy\n- Mute logger for reflections.org at the warn level in system tests\n- Kafka connect: error with special characters in connector name\n- streams task gets stuck after re-balance due to LockException\n- CachingSessionStore doesn't use the default keySerde.\n- RocksDBSessionStore doesn't use default aggSerde.\n- Recommended values for Connect transformations contain the wrong class name\n- Kafka broker fails to start if a topic containing dot in its name is marked for delete but hasn't been deleted during previous uptime\n- GlobalKTable does not checkpoint offsets after restoring state\n- Log cleaning can increase message size and cause cleaner to crash with buffer overflow\n- Some socket connections not closed after restart of Kafka Streams\n- Distributed Herder Deadlocks on Shutdown\n- Log cleaner fails due to large offset in segment file\n- StreamsKafkaClient should not use StreamsConfig.POLL_MS_CONFIG\n- Refactor kafkatest docker support\n- ducktape kafka service: do not assume Service contains num_nodes\n- Using _DUCKTAPE_OPTIONS has no effect on executing tests\n- Connect WorkerSinkTask out of order offset commit can lead to inconsistent state\n- RocksDB segments not removed when store is closed causes re-initialization to fail\n- FetchMetadata creates unneeded Strings on instantiation\n- SourceTask#stop() not called after exception raised in poll()\n- Sink connectors that explicitly 'resume' topic partitions can resume a paused task\n- GlobalStateManagerImpl should not write offsets of in-memory stores in checkpoint file\n- Source KTable checkpoint is not correct\n- ConnectSchema#equals() broken for array-typed default values\n\nThis update for openstack-monasca-api to version 2.2.1~dev24 fixes these issues:\n\n- devstack: download storm from archive.apache.org\n- Backport tempest test robustness improvements\n- 1724543-fixed kafka partition creation error in devstack installation\n- Fix:No alarms created if metric name in alarm def. expr. is mix case\n- Zuul: Remove project name\n- Run against Pike requirements\n","id":"SUSE-SU-2018:3563-1","modified":"2018-10-30T06:10:54Z","published":"2018-10-30T06:10:54Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2018/suse-su-20183563-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1094851"},{"type":"REPORT","url":"https://bugzilla.suse.com/1094971"},{"type":"REPORT","url":"https://bugzilla.suse.com/1102662"},{"type":"REPORT","url":"https://bugzilla.suse.com/1102920"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-1288"}],"related":["CVE-2018-1288"],"summary":"Security update for ardana-monasca, ardana-spark, kafka, kafka-kit, openstack-monasca-api","upstream":["CVE-2018-1288"]}